Escolar Documentos
Profissional Documentos
Cultura Documentos
Steve Zdancewic
Stephanie Weirich
University of Pennsylvania
2 Introductory OCaml 23
2.1 OCaml in CIS 120 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.2 Primitive Types and Expressions . . . . . . . . . . . . . . . . . . . . . 23
2.3 Value-oriented programming . . . . . . . . . . . . . . . . . . . . . . . 25
2.4 let declarations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
2.5 Local let declarations . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
2.6 Function Declarations . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
2.7 Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
2.8 Failwith . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
2.9 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
2.10 A complete example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
2.11 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
5 User-defined Datatypes 65
5.1 Atomic datatypes: enumerations . . . . . . . . . . . . . . . . . . . . . 65
5.2 Datatypes that carry more information . . . . . . . . . . . . . . . . . . 68
5.3 Type abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
5.4 Recursive types: lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
6 Binary Trees 73
9 First-class Functions 89
9.1 Partial Application and Anonymous Functions . . . . . . . . . . . . . 90
9.2 List transformation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
9.3 List fold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
21 Arrays 213
21.1 Arrays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
27 Exceptions 281
27.1 Ways to handle failure . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
27.2 Exceptions in Java . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
27.3 Exceptions and the abstract stack machine . . . . . . . . . . . . . . . . 284
27.4 Catching multiple exceptions . . . . . . . . . . . . . . . . . . . . . . . 285
27.5 Finally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
27.6 The Exception Class Hierarchy . . . . . . . . . . . . . . . . . . . . . . 287
27.7 Checked exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
27.8 Undeclared exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
28 IO 293
28.1 Working with (Binary) Files . . . . . . . . . . . . . . . . . . . . . . . . 294
28.2 PrintStream . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
28.3 Reading text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
28.4 Writing text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
28.5 Histogram demo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
nineties and first released in 1995. Like OCaml, Java was released as free, open
source software and all of the core code is still available for free. Popular languages
related to Java include C# and, to a lesser extent, C++.
Goals
There are four main, interdependent goals for CIS 120.
Firm grasp of fundamental principles CIS 120 is not just an introductory pro-
gramming course; it is primarily an introductory computer science course. It cov-
ers fundamental principles of computing, such as recursion, lists and trees, in-
terfaces, semantic models, mutable data structures, references, invariants, objects,
and types.
Fluency in core Java We aim to provide CIS 120 students with sufficient core
skills in a popular programming language to enable further development in a va-
riety of contexts, including: advanced CIS core courses and electives, summer in-
ternships, start-up companies, contributions to open-source projects and individ-
ual exploration. The Java development environment, including the availability of
libraries, tools, communities, and job opportunities, satisfies this requirement. CIS
120 includes enough details about the core Java languages and common libraries
for this purpose, though is not an exhaustive overview to Java or object-oriented
software engineering. There are many details about the Java language that CIS 120
does not cover; the goal is to provide enough information for future self study.
Why OCaml?
The first half of CIS 120 is taught in the context of the OCaml programming lan-
guage. In the second half of the semester, we switch to Java for lectures and as-
signments. If the goal is fluency in core Java, why use OCaml at all?
We use OCaml in CIS 120 for several reasons.
[The OCaml part of
the class] was very
essential to getting
fundamental ideas of Its not Java. By far, the majority of students entering CIS 120 know only the Java
comp sci across. programming language, and yet different programming languages foster different
Without the second programming paradigms. Knowing only one language, such as Java, leads to a
language it is easy to myopic view of programming, being unable to separate that is how it is done
fall into routine and
syntax lock where you
from that is how it is done in Java. By switching languages, we provide perspec-
dont really understand tive about language-independent concepts, introducing other ways of decompos-
the bigger picture. ing and expressing computation that are not as well supported by Java.
CIS 120 Student Furthermore, not all students have this background in Java, nor do they have
the same degree of experience. We start with OCaml to level the playing field and
give students with alternative backgrounds a chance to develop sophistication in
programming and review the syntax of Java on their own. (For those that need
more assistance with the basics, we offer CIS 110.)
Finally, learning a new programming language to competence in six weeks
builds confidence. A students first language is difficult, because it involves learn-
ing the concepts of programming at the same time. The second comes much easier,
once the basic concepts are in place, and the second is understood more deeply be-
cause the first provides a point of reference.
Lectures Lectures serve many roles: they introduce, motivate and contextualize con-
cepts, they demonstrate code development, they personalize learning, and moderate
the speed of information acquisition.
To augment your learning, we make lecture slides, demonstration code and
lecture notes available on the course website. Given the availability of these re-
sources, why come to class at all?
To see code development in action. Many lectures include live demonstra-
tions of code design, and only the resulting code is posted on the website.
That means the thought process of code development is lost: your instruc-
tors will show some typical wrong turns, discuss various design trade-offs
and demonstrate debugging strategies. Things will not always go accord-
ing to plan, and observing what to do when this happens is also a valuable
lesson.
To interact with the new material as it is presented, by asking questions.
Sometimes asking a question right at the beginning can save a lot of later
confusion. Also to hear the questions that your classmates have about the
new material. Sometimes it is difficult to realize that you dont fully under-
stand something until someone else raises a subtle point.
To regulate the timing of information flow for difficult concepts. Sure, you
can read the lecture notes in less than fifty minutes. However, sometimes
slowing down, working through examples, and thinking deeply is required
to internalize a topic. You may have more patience for this during lecture
than while reading lecture notes on your own.
For completeness. We cannot promise to include everything in the lectures
in the lecture notes. Instructors are only human, with limited time to prepare
lecture notes, particularly at the end of the semester.
Labs The labs (or recitations) provide a small-group setting for coding practice
and individual attention from the course staff.
The lab grade comes primarily from lab participation. The reason is that the
lab is there to get you to write code in a low-stress environment. In this environ-
ment, we use pair programming, teaming you up with your classmates to find the
solutions to the lab problems together. The purpose of the teams is not to divide
the workin fact, we expect that in many cases it will take longer to complete the
lab work using a team than by doing it yourself! The benefit of team work lies
in discussing the entire exercise with your partneroften you will find that you
and your partner have different ideas about how to solve the problem and find
different aspects difficult.
Furthermore, labs are another avenue for coding practice, adding to the quan-
tity of code that you write during the semester. The folllowing parable illustrates
the value of this:
The ceramics teacher announced he was dividing his class into two
groups. All those on the left side of the studio would be graded solely
on the quantity of work they produced, all those on the right graded
solely on its quality.
His procedure was simple: on the final day of class he would weigh
the work of the quantity group: 50 pounds of pots rated an A, 40
pounds a B, and so on. Those being graded on quality, however, needed
to produce only one pot albeit a perfect one to get an A.
Well, come grading time and a curious fact emerged: the works of
highest quality were all produced by the group being graded for quan-
tity!
It seems that while the quantity group was busily churning out piles
of work and learning from their mistakes the quality group had
sat theorizing about perfection, and in the end had little more to show
for their efforts than grandiose theories and a pile of dead clay.
David Bayles and Ted Orland, from Art and Fear [1].
Exams The exams provide the fundamental assessment of course concepts, in-
cluding both knowledge and application. Some students have difficulty see-
ing how pencil-and-paper problems relate to writing computer programs. In-
deed, when completing homework assignments, powerful tools such as IDEs, type
checkers, compilers, top-levels, and online documentation are available. None of
these may be used in exams. Rather, the purpose of exams is to assess both your
understanding of these tools and, more importantly, the way you think about pro-
gramming problems.
1. Understand the problem. What are the relevant concepts in the informal
description? How do the concepts relate to each other?
2. Formalize the interface. How should the program interact with its environ-
ment? What types of input does it require? Why type of output should it
produce? What additional information does it need? What properties about
its input may it assume? What is true about the result?
3. Write test cases. How does the program behave on typical inputs? On un-
usual inputs? On erroneous ones?
4. Implement the required behavior. Only after the first three steps have been
addressed is it time to write code. Often, the implementation will require
decomposing the problem into simpler ones and applying the design recipe
again.
1
The material in this section is adapted from the excellent introductory textbook, How to Design
Programs [3].
Step 1: Understand the problem. In the scenario above, there are five relevant
concepts: the ticket price, (number of) attendees, revenue, cost and profit. Among
these entities, we can define several relationships.
From basic economics we know the basic relationships between profit, cost and
revenue. In other words, we have
and
revenue = price attendees
Also, the scenario tells us how to compute the cost of a performance
but does not directly specify how the ticket price determines the number of atten-
dees. However, because revenue and cost (and profit, indirectly) depend on the
number of attendees, they are also determined by the ticket price.
Our goal is to determine the precise relationship between ticket price and profit.
In programming terms, we would like to define a function that, given the ticket
price, calculates the expected profit.
Step 2: Formalize the Interface. Most of the relevant conceptscost, ticket price,
revenue and profitare dollar amounts. That raises a design choice about how to
represent money. Like most programming languages, OCaml can calculate with
integer and floating point values, and both are attractive for this problem, as we
need to represent fractional dollars. However, the binary representation of floating
point values makes it a poor choice for money, since some numeric valuessuch
as 0.1cannot be represented exactly, leading to rounding errors. (This feature
is not unique to OCamltry calculating 0.1 + 0.1 + 0.1 in your favorite program-
ming language.) So lets represent money in cents and use integer arithmetic for
calculations.
Our goal is to define a function that computes the profit given the ticket price,
so let us begin by writing down a skeleton for this functionlets call it profit
and noting that it takes a single input, called price. Note that the first line of this
definition uses type annotations to enforce that the input and and output of the
function are both integers.2
Step 3: Write test cases. The next step is to write test cases. Writing test cases
before writing any of the interesting codethe fundamental rule of test-driven pro-
gram developmenthas several benefits. First, it ensures that you understand the
problemif you cannot determine the answer for one specific case, you will find
it difficult to solve the more general problem. Thinking about tests also influences
the code that you will write later. In particular, thinking about the behavior of
the program on a range of inputs will help ensure that the implementation does
the right thing for each of them. Finally having test cases around is a way of fu-
tureproofing your code. It allows you to make changes to the code later and
automatically check that they have not broken the existing functionality.
In the situation at hand, the informal specification suggests a couple of specific
test cases: when the ticket price is either $5.00 or $4.90 (and the number of atten-
dees is accordingly either 120 or 135). We can use OCaml itself to help compute
what the expected values of these test cases should be.
The OCaml let-expression gives a name to values that we compute, and we
can use these values to compute others with the let-in expression form.
2
OCaml will let you omit these type annotations, but including them is mandatory for CIS120.
Using type annotations is good documentation; they also improve the error messages you get from
the compiler. When you get a type error message, the first thing you should do is check that your
type annotations correct.
The predefined function test (provided by the Assert module) takes no input
and returns the boolean value true only when the test succeeds.3 We then invoke
the command run_test to execute each test case and give it a name, which is used
to report failures in the printed output; if the test succeeds, nothing is printed.
After invoking the first test case, we can define the test function to check the
profit functions behavior at a different price point.
Step 4: Implement the behavior. The last step is to complete the implementation.
First, the profit that will be earned for a given ticket price is the revenue minus the
number of attendees. Since both revenue and attendees vary with to ticket price,
we can define these as functions too.
3
Note that single =, compares two values for equality in OCaml.
Next, we can fill these in, in terms of another function attendees that we will
write in a minute.
For attendees, we can apply the design recipe again. We have the same con-
cepts as before, and the interface for attendees is determined by the code above.
Furthermore, we can define the test cases for attendees from the problem state-
ment.
160
140
-15
120
$0.10
100
80
60
40
20
0
$4.75 $4.80 $4.85 $4.90 $4.95 $5.00 $5.05 $5.10 $5.15
CIS120
We can determine what the function should be with a little high-school algebra.
The equation for a line
y = mx + b
says that the number of attendees y, is equal to the slope of the line m, times the
ticket price y, plus some constant value b. Furthermore, we can determine the slope
of a line given two points:
difference in attendance 15
m= =
difference in price 10
Once we know the slope, we can determine the constant b by solving the equation
for the line for b and plugging in the numbers from either test case. Therefore
b = 120 (15/10) 500 = 870.
Putting these values together gives us a mathematical formula specifying at-
tendees in terms of the ticket price.
Translating that math into OCaml nearly completes the program design.
Unfortunately, this code is not quite correct (as suggested by the pink back-
ground). Fortunately, however, our tests detect the issue, failing when we try to
run the program and giving us a chance to think a little more carefully:
Running: attendees at $5.00 ...
Test failed: attendees at $5.00
Testing Of course, for such a simple problem, this four-step design methodology
may seem like overkill, but even for this small example, the benefits of testing can
be seen, as in the arithmetic error shown above.
As another example, suppose that we later decide that our cost function should
really be parameterized by the number of attendees, not the ticket price (which
shouldnt really affect the cost). It is simple to update the cost function to reflect
this change in design, like so:
Running the test cases gives us the following output, which shows that now some
of our tests are failing:
The problem, of course, is that we must also adjust the use of cost in profit to
reflect that it expects the number of attendees:
During the course, well use it to attack much larger and more complex design
problems, where its benefits will be clearer.
Bad Design Finally, note that there are other ways to implement profit that re-
turn the correct answer and pass all of the tests, but that are inferior to the one we
wrote. For example, we could have written:
However, this program hides the structure and concepts of the problem. It du-
plicates sub-computations that could be shared, and it does not record the thought
process behind the calculation.
Introductory OCaml
Note: Our intention is that these notes should be self contained: It should not be necessary
to use any OCaml features not described here when completing the CIS 120 homework
projects. If weve missed something, or if you find any of the explanations confusing,
please post a question to the class discussion web site.
Figure 2.1: OCaml primitive data types and some operations on them.
Given these operations and constants, we can build more complex expressions,
which are the basic unit of OCaml programs. For example, here are some simple
expressions:
3 + 5
2 * (5 + 10)
"hello" "world\n"
Parentheses are used to group expressions according to the usual laws of prece-
dence. Note that different groupings may have different meanings (just as in
math):
3 + (2 * 7) <> (3 + 2) * 7
sion like profit 500. We will distinguish the large step evaluation indicated by
= from this new small step evaluation by writing the latter using the notation
7. The difference is that the 7 arrow will let us talk about the intermediate
stages of a computation. For example:
(2 + 3) * (5 - 2)
7 5 * (5 - 2) because 2 + 3 7 5
7 5 * 3 because 5 - 2 7 3
7 15
As indicated in the example above, for the purposes of this course, we will
assume that the operations on the primitive types int, string, and bool do the
expected thing in one step of calculation. (Though in reality, even this hides
many details about whats going on in the hardware.)
The = and 7 descriptions of evaluation should agree with one another in
the sense that a large step is just the end result of performing some number of
smalls steps, one after the other. The example above shows how we can justify
writing (2 + 3) * (5 - 2) = 15 because the expression (2 + 3) * (5 - 2) sim-
plifies to 15 after several 7 steps.
Here is another example, this time using boolean values:
true || (false || not true)
7 true || (false || false) because not true 7 false
7 true || false because false || false 7 false
7 true because true || false 7 true
if-then-else
OCamls if-then-else construct provides a useful way to choose between two dif-
ferent result values based on a boolean condition. Importantly, OCamls if is itself
an expression,1 which means that parentheses can be used to group them just like
any other expression. Here are some simple examples of conditional expressions:
Because OCaml is value oriented, the way to think about if is that it chooses
one of two expression to evaluate. We run an if expression by first running the
boolean test expression (which must evaluate to either true or false). The value
computed by the whole if-then-else is then either the value of the then branch or
the value of the else branch, depending on whether the test was true or false.
1
It behaves like the ternary ? : expression form found in languages in the C family, including
Java.
Note: Unlike C and Java, in which if is a statement form rather than an expression form,
it does not make sense in OCaml to leave off the else clause of an if expression. (What
would such an expression evaluate to in the case that the test was false?) Moreover, since
either of the expressions in the branches of the if might be selected, they must both be of
the same type.
let x = 3
This declaration binds the identifier x to the number 3. The name x is then
available for use in the rest of the program. Informally, we sometimes call these
identifiers variables, but this usage is a bit confusing because, in languages like
Java and C, a variable is something that can be modified over the course of a pro-
gram. In OCaml, like in mathematics, once a variables value is determined, it can
never be modified. As a reminder of this difference, for the purposes of OCaml
well try to use the word identifier when talking about the name bound by a
let.
The let keyword
A slightly more complex example is: names an expression.
let-bound identifiers
cannot be assigned to!
let y = 3 + 5 * 2
When this program is run, the identifier y will be bound to the result of evalu-
ating the expression 3 + 5 * 2. Since 3 + 5 * 2 = 13 we have:
let y = 3 + 5 * 2 = let y = 13
The general form of a let declaration is:
If desired, let declarations can also be annotated with the type of the expres-
sion. This type annotation provides documentation about the identifier, but can be
inferred by the compiler if it is absent.
To run a sequence of let declarations, you evaluate the first expression and
then substitute the resulting value for the identifier in the subsequent declarations.
Substitution just means to replace the occurrences of the identifier with the value.
For example, consider:
let x = 3 + 2
let y = x + x
let z = x + y + 4
We first calculate 3 + 2 = 5 and then substitute 5 for x in the rest of the pro-
gram:
let x = 5
let y = 5 + 5 (* replaced x + x *)
let z = 5 + y + 4 (* replaced x *)
let x = 5
let y = 10
let z = 5 + 10 + 4 (* replaced y *)
And finally, 5 + 10 + 4 = 19, which leads to the final fully simplified pro-
gram:
let x = 5
let y = 10
let z = 19
Shadowing
What happens if we have two declarations binding the same identifier, as in the
following example?
let x = 5
let x = 17
The right way to think about this is that there are unrelated declarations for two
identifiers that both happened to be called x. The first let gives the expression
5 the name x. The second let gives the expression 17 the same name x. It never
makes sense to substitute an expression for the name being declared in a let. To
see why, consider what would happen if we tried to simplify the program above
by replacing the second occurrence of x by 5:
let x = 5
let 5 = 17 (* bogus -- shouldn't replace the name x by 5 *)
The substitution doesnt make any sense the value 5 is not an identifier, so it cannot
make sense to say that we name the value 17 5. (Nor would it make sense to
name the value 17 by any other value.) We say that x is bound by a let, and we
do not substitute for such binding occurrences.
Now consider how to evaluate this example:
let x = 5
let y = x + 1
let x = 17
let z = x + 1
The occurrence of x in the definition of z refers to the one bound to 17. In OCaml
identifiers refer to the nearest enclosing declaration. In this example the second oc-
currence of the identifier x is said to shadow the first occurrencesubsequent uses
of x will find the second binding, not the first. So the values computed by running
this sequence of declarations is:
let x = 5
let y = 6 (* used the x on the line above *)
let x = 17
let z = 18 (* used the x on the line above *)
Since identifiers are just names for expressions, we can make the fact that the two
xs are independent apparent by consistently renaming the latter one, for example:
let x = 5
let y = x + 1
let x2 = 17
let z = x2 + 1
Note: Identifiers in OCaml are not like variables in C or Java. In particular, once a value
has been bound to a an identifier using let, the association between the name and the value
never changes. There is no possibility of changing a variable once it is bound, although, as
we saw above, one can introduce a new identifier whose definition shadows the old one.
let x = 3 in x + 1
Unlike the top-level let declarations we saw above, this is a local declaration.
To run it, we first see that 3 = 3 and then we substitute 3 for x in the expression
following the in keyword. Since this is a local use of x, we dont keep around the
let. Thus we have:
let x = 3 in x + 1 = 4
Here, the identifier bound by the let is in available only in the expression after
the in keywordwhen we run the whole thing, we substitute for the identifier
only there (and not elsewhere in the program). The identifier x is said to be in scope
in the expression after in.
Since the let-in form is itself an expression, it can appear anywhere an ex-
pression is expected. In particular, we can write sequences of let-in expressions,
where what follows the in of one let is itself another let:
Also, the expression on the right-hand side of a top-level let declaration can
itself be a let-in:
We follow the usual rules for computing the answer for this program: evaluate
the right-hand-side of each let binding to a value and substitute it in its scope.
This yields the following sequence of steps:
let profit =
let attendees = 120 in
let revenue = 500 * attendees in (* substituted price *)
let cost = 18000 + 4 * attendees in
revenue - cost
let profit =
let revenue = 500 * 120 in (* substituted attendees *)
let cost = 18000 + 4 * 120 in (* substituted attendees *)
revenue - cost
let profit =
let cost = 18000 + 4 * 120 in
60000 - cost (* substituted revenue *)
let profit =
60000 - 18480 (* substituted cost*)
Non-trivial scopes
It may seem like there is not much difference between redeclaring a variable via
shadowing and the kind of assignment that updates the contents of a variable in a
language like Java or C. The real difference becomes apparent when you use local
let declarations to create non-trivial scoping for the shadowed identifiers.
Heres a simple example:
Because identifiers refer the their nearest enclosing let binding, this program will
calculate to a value like this:
let x = 1 in x + (let x = 20 in x + x) + x
7 1 + (let x = 20 in x + x) + 1
7 1 + (20 + 20) + 1
7 1 + 40 + 1
7 41 + 1
7 42
Note that in the first step, we substitute 1 for the outer x in its scope, which
doesnt include those occurrences of x that are shadowed by the inner let.
Local let definitions are particularly useful when used in combination with
functions, as well see next.
f (x) = x + 1
In OCaml, top-level function declarations are introduced using let notation,
just as we saw above. The difference is that function identifiers take parameters.
The function above is written in OCaml like this:
Here, f is an identifier that names the function and x is the identifier for the
functions input parameter. The notation (x:int) indicates that this input is sup-
posed to be an integer. The subsequent type annotation indicates that f produces
an integer value as its result.
Functions can have more than one parameter, for example here is a function
that adds its two inputs:
Note: Unlike Java or C, each argument to a function in OCaml is written in its own set of
parentheses. In OCaml you write this
Calling functions
To call a function in OCaml, you simply write it next to its argumentsthis is
called function application. For example, given the function f declared above, we
can write the following expressions:
f 3
(f 4) + 17
(f 5) + (f 6)
f (5 + 6)
f (f (5 + 6))
let one = 1
2.7 Types
OCaml (like Java but unlike, for example C) is a strongly typed programming lan-
guage. This means that the world of OCaml expressions is divided up into dif-
ferent types with strict rules about how they can be combined. We have already
seen the primitive types int, string, and bool, and we will see many other types
throughout the course.
Clearly, an integer like 3 has type int. We express this fact by writing 3 :
int, or, more generally hexpi : htypei. We have already seen this notation in use
in let declarations and in function parameters, where (x : int) means that x is a
parameter of type int.
In a well-formed OCaml program, every expression has a type. Moreover, this
type can be determined compositionally from the operations used in the expres-
sion. An expression is well-typed if it has at least one type. Here are some examples
of well-typed expressions and their types:
3 : int
3 + 17 : int
"hello" : string
string_of_int 3 : string
if 3 > 4 then "hello" else "goodbye" : string
Before you run your OCaml program, the compiler will typecheck your program
for you. This process makes sure that your use of expressions in the program is
consistent, which rules out many common errors that programmers make as they
write their programs.
For example, the expression 3 + "hello" is ill typed and will cause the OCaml
compiler to complain that "hello" has type string but was expected to have type
int. Such error checking is good, because there is no sensible way for this program
to compute to a valueOCamls type checking rules out mistakes of this form. It
is better to reject this program while it is still under development than to allow it
to be distributed to end users, where such mistakes can cause serious reliability
problems.
All of the built in operators like +, *, &&, etc.. have types as you would ex-
pect. The arithmetic operators take and produce ints; the logical operators take
and produce bools. The comparison operators = and <> take two arguments of
any type (they must both be of the same type) and return a bool. This means
that, 3 = "hello" will produce an error message, for example, while 3 = 4 and
"hello" <> "goodbye" are both well typed.
The type annotations on user-defined functions tell you about the types of their
inputs and result. For example, the function quadruple declared above expects
an int input and produces an int output. We abbreviate this using the notation
int -> int, the type of functions that take one int as input and produce an int
as output.
Because double also expects an int and produces an int, it also has the type
int -> int.
On the other hand, the function sum_of_squares takes three arguments (each of
type int) and produces an int. Its type is written as follows:
Each of the functions in OCamls libraries has a type, and these types can often
give a strong hint about the behavior of the function. One example that we have
seen so far is string_of_int, which has the type int -> string.
program that contains such an ill-typed expression, the compiler will give you an
error and point you to the offending expression of the program.
Another common error in OCaml programming is to omit one or more of the
arguments to a function. Suppose you meant to increment a sum of squares 22 +
32 + 42 by 1, and you wrote the expression below, accidentally leaving off the third
argument:
In this case, OCaml will complain that the expression on the left of the + should be
of type int but instead has type int -> int. That is because you have supplied
two out of the three arguments to sum_of_squares; the resulting expression is still
a function of the third parameter, that is, if you give the missing argument 4, the
resulting expression will have the expected type int. The OCaml error messages
take some getting used to, but they can be very informative.
Conversely, another frequent mistake is to provide too many arguments to a
function. For example, suppose you meant to perform the calculation described
above, but accidentally left out the + operator. In that case, you have:
OCaml interprets this as trying to pass an extra argument, but since the expression
in parentheses isnt a function, the compiler will complain that you have tried to
apply an expression that isnt of function type.
2.8 Failwith
OCaml provides a special expression, written failwith "error string", that,
when run, instead of calculating a value, immediately terminates the program ex-
ecution and prints the associated error message. Such failwith expressions can
appear anywhere that an expression can (but dont forget the error message string!).
Why is this useful? When developing a program it is often helpful to stub out
unimplemented parts of the program that have yet to be filled in. For example,
suppose you know that you want to write two functions f and g and that g calls f.
You might want to develop g first, and then go back to work on f later. failwith
can be used as a placeholder for the unimplemented (parts of) f, as shown here:
In CIS 120, the homework assignments use failwith to indicate which parts of
the program should be completed by you. Dont forget to remove the failwiths
from the program as you complete the assignment.
Note that using failwith at the top level is allowed, but will cause your pro-
gram to terminate early, potentially without executing later parts of the code:
2.9 Commands
So far, we have seen how to use top-level declarations to write programs and func-
tions that can perform calculations, but we havent yet seen how to generate output
or otherwise interact with the world outside of the OCaml program. OCaml pro-
grams can, of course, do I/O, graphics, write to files, and communicate over the
network, but for the time being we will stick with three simple ways of interacting
with the external world: printing to the screen, importing other OCaml modules
and libraries, and running program test cases.
We call these actions commands. Commands differ from expressions or top-
level declarations in that they dont calculate any useful value. Instead, they have
some side effect on the state of the world. For example, the print_string command
causes a string to be displayed on the terminal, but doesnt yield a value. Note
that, because commands dont calculate to any useful value, it doesnt make sense
for them to appear within an expression of the program.
Commands (for now) may appear only at the top level of your OCaml pro-
grams. Syntactically, commands look like function call expressions, but we pre-
fix them with ;; to distinguish them from other function calls that yield values.
This notation emphasizes the fact that commands dont do anything except inter-
act with the external world.
Displaying Output
The simplest command is print_string, which causes its argument (which should
have type string) to be printed on the terminal:
If you want your printed output to look nice, you probably want to include
an end-of-line character, written "\\n", so that subsequent output begins on the
next line.
OCaml also provides a command called print_endline that is just like print_string
except it automatically supplies the "\\n" at the end:
There is also a command called print_int, which prints integers to the termi-
nal:
The function string_of_int and the string concatenation operator are often
useful when constructing messages to print. We might rewrite the example above
to be more informative:
;; print_endline message
The test function declared just above run_test takes no arguments, as indi-
cated by the () parameter, and returns a bool result. A test succeeds if it returns
the value true and fails otherwise (note that a test might fail by calling failwith,
in which case no answer is actually returned).
The effect of the run_test command is to execute the test function and, if the
test fails, print an error message to the terminal that indicates which test failed. In
the example above, it is easy to see that this test fails, since 1 + 2 + 3 = 6, which
is not equal to 7.
To run multiple tests in one program, we simply use shadowing so that we can
re-use the identifier test for all the test functions. Heres an example:
2.11 Notes
Parts of this Chapter were adapted from lecture notes by Dan Licata written for
CMUs course 15-150 Fall 2011, Lecture 2.
So far we have seen how to create OCaml programs that compute with atomic or
primitive valuesintegers, strings, and booleans. A few real world problems can
be solved with this just these abstractions, but most problems require computing
with collections of datasets, lists, tables, or databases.
In this chapter, well study one of the simplest forms of collections: lists, which
are just ordered sequences of data values. Many of you will have seen list data
structures from your previous experience with programming. OCamls approach
to list processing emphasizes that computing with lists closely follows the structure
of the datatype. This will be a recurring theme throughout the course: the structure
of the data tells you how you should compute with it.
3.1 Lists
What is a list? Its just a sequence of zero or more values. That is, a list is either
[] the empty list, sometimes called nil, or
v::tail a value v followed by tail, a list of the remaining elements.
There is no other way of creating a list: all lists have one of these two forms. The
double-colon operator :: constructs a non-empty listit takes as inputs the head
of the new list, v, and a (previously constructed) list, tail. This operator is some-
times pronounced cons (short for constructor). Note that :: is just a binary
operator like + or , but, unlike those, it happens to take arguments of two different
typesits left argument is an element and its right argument is a list of elements.
Here are some examples of lists built from [] and :::
[]
3::[]
1::2::3::[]
true::false::true::[]
"do"::"re"::"mi"::"fa"::"so"::"la"::"ti"::[]
The examples above can also be written more explicitly using parentheses to
show how :: associates. For example, we can equivalently write 1::(2::(3::[]))
instead of 1::2::3::[]. We usually leave out these parentheses because they arent
needed: the OCaml compiler fills them in automatically. Note that if you were to
write (1::2)::3::[] you will get a type error2 by itself isnt a list.
You can, however have lists of listsi.e., the elements of the outer list can them-
selves be lists:
(1::2::[])::(3::4::[])::[]
Writing out long lists using :: over and over can get a little tedious, so OCaml
provides some syntactic sugar to make things shorter. You can write a list of val-
ues by enclosing the elements in [ and ] brackets and separating them with semi-
colons. Rewriting some of the examples we have seen so far using this more con-
venient notation, we have:
3::[] = [3]
1::2::3::[] = [1;2;3]
true::false::true::[] = [true;false;true]
(1::2::[])::(3::4::[])::[] = [[1;2];[3;4]]
List types
The example just above uses the type annotation l : int list to indicate that
l is a list of int values. Similarly, we can have a list of strings whose type is
string list or a list of bool lists, whose type is (bool list) list.
All of the elements of a list must be of the same type: OCaml supports only
homogeneous lists. If you try to create a list of mixed element types, such as
3::"hello"::[], you will get a type error. While this may seem limiting, it is ac-
tually quite useful; knowing that you have a list of ints, for example, means that
you can perform arithmetic operations on all of those elements without worrying
about what might happen if some non-integer element is encountered.
The begin match hexpi with ... end expression compares the shape of the
value computed by hexpi against a series of pattern cases. In this example, the
first case is | [] -> true, which says that, if the list being analyzed is empty, then
the result of the match should be true.
The second case is | x::tl -> false, which specifies what happens if the the
list being analyzed matches the pattern x::tl. If that happens, then the expression
to the right of the -> in this branch will be the result of the whole match.
Note that the patterns [] and x::tl look exactly like the two possible ways of
constructing a list! This is no accident: since all lists are built from these construc-
tors, these are exactly the cases that we have to handleno more, and no less. The
difference between the pattern x::tl and a list value is that in the pattern, x and
tl are identifiers (i.e. place holders), similar to the identifiers bound by let. When
the match is evaluated, they are bound to the corresponding components of the list,
so that they are available for use in the expression following the patterns ->.
To see how this works, lets look at some examples. First, lets see how to eval-
uate the example above, which doesnt actually use the identifiers bound by the
pattern:
At this point, we match the list [1;2;3] against the first pattern, which is [].
Since they dont agree[] doesnt have the same shape as [1;2;3]we continue
to the next case of the pattern. Now we try to match the pattern x::tl against
[1;2;3]. Remember that [1;2;3] is just syntactic sugar for 1::2::3::[], which,
if we parenthesize explicitly, is just 1::(2::(3::[])). This value does match the
pattern x::tl, letting x be 1 and tl be 2::3::[]. Therefore, the result of this pattern
match is the right-hand side of the ->, which in this example is just false. The
entire program thus steps to:
In more interesting examples, the identifiers like x and tl that are used in a
cons-pattern will also appear in the right-hand side of the match case. For example,
here is a function that returns the square of the first element of an int list, or -1
if the list is empty:
square_head [3;2;1]
Now we test the branches in order. The first branchs pattern ([]) doesnt
match, but the second branchs pattern does, with x bound to 3 and tl bound
to [2;1], so we substitute 3 for x and [2;1] for tl in the right-hand side of that
branch, i.e.:
3 * 3
3.2 Recursion
The definition of lists that we gave at the start of this chapter said that a list is either
Note that we use the keyword rec to explicitly mark this function as being
recursive. If we omit the rec, OCaml will complain if we try to use the function
identifier inside its own body. Also, note that this function does case analysis on
the structure of l and that the body of the second branch calls length recursively on
the tailthis is an example of structural recursion, since the tail is always smaller
than the original list.
The first branch tells us how to compute the length of the empty list, which is
just 0. The second branch tells us how to compute the length of a list whose head
is x and whose tail is tl. Assuming that we can calculate the length of tl (which is
the result of length tl obtained by the recursive call), we can compute the length
of the whole list by adding one.
Let us see how these calculations play out when we run the program:
length [1;2;3]
1 + (length [2;3])
1 + (1 + (length [3]))
1 + (1 + (1 + length []))
1 + (1 + (1 + (0)))
Now lets look at a slightly more complex example. Suppose we want to write
a function that takes a list of integers and filters out all the even integersthat is,
our function should return a list that contains just the even elements of the original
list.
Filtering the even numbers out of the empty list yields the empty list. And if
filter_out_evens tail is the result of filtering the tail of the original list, we just
need to check whether the head of the list is even to know whether it belongs in
the output:
Finally, suppose we want to compute the list of all suffixes of a given list, that is:
suffixes [1;2;3] = [[1;2;3]; [2;3]; [3]; []]
We can easily compute this by observing that at every call to suffixes we sim-
ply need to cons the list itself onto the list of its own suffixes. Note that this obser-
vation holds true even for the empty list!
This pattern is extremely general: many, many useful functions can be written
easily by following this recipe. Here is a (very partial) list of such functions, with
brief descriptions. It is a good exercise to figure out how to implement all these
functions using structural recursion.
append takes two lists and glues them together, for example
append [1;2;3] [4;5] = [1;2;3;4;5]
intersection takes two lists and returns the list of all those elements that
appear in both lists; for example:
intersection [1;2;2;3;4;4;3] [2;3] = [2;2;3;3]
When designing tests for list processing functions, you should always consider
at least two cases: a test case for the empty list, and a case for non-empty lists.
Other kinds of test cases to consider might have to do with whether the list is even
or odd, or whether the function has special behavior when the list has just one
element.
Note: For those of you who have taken or are taking CIS 160, it is also worth noticing that
writing a program by structural induction over lists follows the same pattern as proving
a property by induction on the list. There is a base case (i.e. the case for []) and an
inductive case (i.e. the recursive case). It is no accident that lists are called inductive
data structures.
For another example where a helper function is needed, consider trying to com-
pute a function rotations that, given a list of integers, computes the list of all
circular rotations of that list. For example:
rotations [1;2;3;4] = [[1;2;3;4]; [2;3;4;1]; [3;4;1;2]; [4;1;2;3]].
Here again, thinking about how rotations would work on the result of a re-
cursive call illustrates why there might be a need for a helper function. When we
use rotations on the tail of the list [1;2;3;4], we get:
rotations [2;3;4] = [2;3;4]; [3;4;2]; [4;2;3]
The relationship between rotations [2;3;4] and rotations [1;2;3;4] seems
very nontrivialit seems like we have to intersperse the head 1 at various points
(in the last spot, the second-to-last spot, the third-to-last spot, etc.) in the prefixes
of the tail. We could perhaps write an auxiliary function that does this, but that
still seems complicated.
Heres another approach that simplifies the solution. Consider what informa-
tion from the original list that we have at each recursive call to some function f
If each such recursive call to f were to calculate one of the rotations of the orig-
inal list, what information would f be missing? Each call is missing a prefix of the
original list!
(*missing prefix*)
f [1;2;3;4] []
f [2;3;4] [1]
f [3;4] [1;2]
f [4] [1;2;3]
f [] [1;2;3;4]
If we append the two lists in each row above, we obtain one of the desired
permutations of the original list. (One of the permutations, [1;2;3;4], appears
twicewell have to be careful to leave one of them out of the result.)
This suggests that we can solve the rotations problem by creating a helper func-
tion that takes an extra parameternamely, the missing prefix needed to compute
one permutation of the original list.
If we were to accumulate these lists together into a list of lists, we would be
done. That is, we want a function f that works like:
f [1;2;3;4] [] = [[1;2;3;4]; [2;3;4;1]; [3;4;1;2]; [4;1;2;3]]
What should f do on a tail of the original, assuming we provide the missing
prefix?:
f [2;3;4] [1] = [[2;3;4;1]; [3;4;1;2]; [4;1;2;3]]
Do you see the pattern? Each call to the helper function f computes some
(but not all) of the rotations of the original list. Which ones? The ones be-
ginning with each of the elements of the first input to f. Observe that at
each call f suffix prefix we have that prefix @ suffix is the original list and
suffix @ prefix is the next rotation to generate.
Function f should therefore simply recurse down the suffix list; but at each call
it needs to rotate its own head element to the end of the prefix list, to maintain the
relationship described above.
We already know how to put an element at the front of a listwe use ::. How
do we put one at the tail? Well, we simply write a second helper function that does
the job. We call it snoc (because it is the opposite of cons):
Putting it all together, we can write rotations like so:
Watch what happens when we run this program on the list [1]:
loop [1]
1 + (loop l) (* uh oh! *)
7 . . . 7
1 + (1 + (1 + (1 + (loop l))))
4.1 Tuples
Lists are good data structures for storing arbitrarily long sequences of homoge-
neous data, but sometimes it is convenient to bundle together two or more values
of different types. OCaml provides tuples for this purpose. A tuple is a fixed-length
sequence of values, enclosed in parentheses and separated by commas. Here are
some examples:
Note that, unlike lists, the elements of a tuple need not have the same types.
We write tuple types using infix * notation, so for the three examples above, we
have:
Note that, since theres only one way to construct a tuple (using parens and
commas), we only need one case when pattern matching against a tuple.
A more lightweight way to give names to the components of a tuple is to use
a generalization of let binding that we have already seen. The idea is that, since
there is only ever one case when matching against a tuple, we can abbreviate that
case using the syntax let (x,y) = .... For example, we can rewrite first and
second above using let-tuple notation like this:
We omit the type annotation from the let binding because OCaml can infer it
from the type of the tuple to the right of the = (e.g. by looking at the type of x
above, it is easy to figure out that left should have type int and right should
have type string).
(where we give an explicit name, x, to the unit parameter), but there is not
much point in doing this, since the parameter is not used in the functions body.
So we write () instead of (x:unit), emphasizes that the parameter is trivial.
The other place in OCaml where unit is often used is as the return type of
commands such as print_string. For example, print_string takes a string input
and produces a unit output: its type is string -> unit. (Here, unit functioning
like a void return type in C or Java.) Since there is only one value of type unit, such
functions cannot return meaningful results: they are executed purely for their side
effects on the machines state (such as printing to the terminal). Whenever you see
an OCaml function that return unit, you should take it as a strong hint that there
will be some I/O or some kind of other effect when you call that function.
See 12 for a more in-depth discussion about the uses of the unit type.
As an example of how one might use nested patterns, the following match ex-
pression has three cases, one for when the list is empty, one for singleton lists, and
one for when a list has two or more elements:
When OCaml processes a match expression, it checks the value being matched
against each pattern in the order they appear. In the example above, the case for
singletons must appear before the case for two or more, since the pattern x::tail
can match a singleton list like 1::[] by binding tail to []. This means that if
we were to reverse the order of the cases, then the third branch would never be
reached:
If your cases are written so that one of them can never be executed, OCaml will
warn you that the match case is unused. This is a good sign that there is a bug in
your program logic!
4.3 Exhaustiveness
OCaml can determine whether you have covered all the possible cases when pat-
tern matching against a datatype. For example, suppose you wrote the following:
will report a Match_failure error. To prevent such surprises at run time, OCaml
will give you a helpful warning that you have missed a possible case (this pattern-
matching is not exhaustive) when you compile the program. Besides the warning,
the compiler will provide an example that isnt handled by your branches.
Note that the second branch doesnt use x anywhere. We can emphasize that
fact by using the special _ pattern, which matches any value but doesnt give a
name for it. So, for example, we could write:
A wildcard pattern can appear anywhere in a pattern. Here are some examples:
_ (* matches anything *)
x::_ (* matches any non-empty list; names the head *)
_::_ (* matches a non-empty list without naming
its parts *)
4.5 Examples
Heres an example function that uses lists, tuples, and nested pattern matching.
The function is called zip; it takes as inputs two lists, and it returns a list of pairs,
drawn in lockstep from the two lists. For example, we have:
zip [1;2;3] ["uno"; "dos", "tres"]
= [(1, "uno"); (2, "dos"); (3, "tres")]
User-defined Datatypes
This could work1 , but its not a very good idea for a few reasons. First,
int values and days of the week support different operationsit makes sense
to subtract 1 - 2 to obtain the answer -1, but what would the subtraction
Tuesday - Wednesday mean? There is no day of the week that is represented by -1.
This may seem relatively innocuous, but its a recipe for disaster. Consider writing
a function that converts days of the week (represented as ints) into strings:
1
Its essentially what you do in a weakly-typed language like C
Everywhere you use such an encoding, you have to check to make sure (as in
the last else clause above) to handle the case of an invalid encoding. Forgetting to
check for such cases will lead to bugs and other unexpected failures in your code.
Another reason why such encodings are a bad idea is that its also possible to
accidentally confuse typesif you encode both weekdays and nucleotides as int
values, it would be possible to pass an integer representing a nucleotide to the
string_of_weekday function, which will likely yield nonsensical behavior.
For all of the reasons above, modern type-safe programming languages, in-
cluding OCaml, Java, C#, Scala, Haskell, and others allow programmers to create
user-defined datatypes, which effectively extend the programming language with
new abstractions that can be manipulated just like any other values.
In OCaml, such datatypes are declared using the type keyword. For example,
here is how the datatype for days-of-the-week can be defined:
type day =
| Sunday
| Monday
| Tuesday
| Wednesday
| Thursday
| Friday
| Saturday
This declaration defines a new type, named day, and seven constructors for that
type, Sunday, Monday, etc. These constructors are the values of the type daythey
enumerate all the possible ways of creating a day. Moreover, there are no other ways
to create a value of type day.
Note: In OCaml, user-defined types must be lowercase, and the constructors for such types
must be uppercase identifiers.
After this top-level declaration, you can program with days of the week as a
new type of value, for example, we could build a list of some days of the week like
this:
So, we can put values of type day into data structures; how else can we compute
with them?
If you think about it, the only fundamental operation needed on a datatype
like day is the ability to distinguish one value (like Monday) from another value
(like Tuesday). Given that operation, we can build up more complicated operations
simply by programming new functions.
Just as OCaml uses pattern matching to allow functions to examine the struc-
ture of lists and tuples, we also use pattern matching to do case analysis on user-
defined datatypes. The patterns are the constructors of the datatype. So, we can
write a function that computes with days like this:
Heres another function that, given a day of the week, returns the day after it:
The fact that the seven constructors Sunday, Monday, etc., are the only ways of
creating a value of type day means that OCaml can automatically determine when
you have covered all of the cases. For example, if you had left out the wildcard case
_ in is_weekday or if you had accidentally left out one of the days in day_after,
the OCaml compiler will give you a warning that your pattern matching is not
exhaustive.
type nucleotide =
| A (* adenine *)
| C (* cytosine *)
| G (* guanine *)
| T (* thymine *)
Now consider the problem of how to represent data being produced by some
potentially faulty sensor that is able to detect counts of nucleotides or triples of
nucleotides that are bundled together into a codon. That is, the experiment can
produce one of three possible measurements: the measurement can be missing (in-
dicating a fault), the measurement can be a nucleotide count which consists of a
particular nucleotide value along with an integer representing the count detected,
or the measurement can be a codon count which consists of a triple of nucleotides
along with a count.
In OCaml, we can use the type keyword to create a datatype whose values
contain the information described above:
type experiment =
| Missing
| NucCount of nucleotide * int
| CodonCount of (nucleotide * nucleotide * nucleotide) * int
This type declaration introduces the type experiment and three possible con-
structors. The Missing constructor is an atomic valueit doesnt depend on any
more information. The other two constructors, NucCount and CodonCount each have
some data associated with them. This is indicated syntactically by the of keyword
followed by a type.
To build a NucCount value, for example, we simply provide the NucCount con-
structor with a pair consisting of a nucleotide and an int. Similarly, we can build
a CodonCount by providing a triple of nucleotides and an int. Here are some ex-
amples values, all of which have type experiment:
Missing
NucCount(A, 17)
NucCount(G, 124)
CodonCount((A,C,T), 0)
CodonCount((G,A,C), 2512)
Just as we use pattern matching to do case analysis on the atomic values in the
day type, we can also use pattern matching on these more complex data structures.
The only difference is that since these constructors carry extra data, we can use
nested patterns (see 4.2) to bind identifiers to the subcomponents of a value. Here,
for example, is a function that extracts the numeric count information from each
experiment:
Note that since the NucCount constructor takes a pair, we use a nested tuple
pattern to bind its components in the branches. The CodonCount branch is similar. If
we had instead been looking for a particular occurrence of a codon triple, we might
have used a more explicit pattern instead. For example, suppose we are looking
for the counts of experiments for which a codon whose first and last nucleotide is
G. We could write such a function like this:
Returning to the DNA example, we might find it useful to define a type for
codons, which consist of a triple of nucleotides, and a type for helices, which are
just lists of nucleotides. We do so in OCaml using type abbreviations, like this:
These top-level declarations introduce new names for existing types. Note that,
unlike the datatype definitions we saw above, these type declarations dont use a
list of |-separated constructor names. OCaml can tell the difference because con-
structor names (A,C,Missing, NucCount) are always capitalized but type identifiers
(day, nucleotide, codon) are always lowercase.
After having made these type abbreviations, we can use each name inter-
changeably with its definition throughout the remainder of the program, including
subsequent type definitions. For example, if we have made these type abbrevia-
tions, we could shorten the type definition for experiment to this:
type experiment =
| Missing
| NucCount of nucleotide * int
| CodonCount of codon * int (* codon instead of a triple *)
Since a type abbreviation is just a new name for an existing type, we can use
whatever functions or pattern matching operations were available for the existing
type to process data of the abbreviated type.
type my_string_list =
| Nil
| Cons of string * my_string_list
Here, the constructor Nil plays the role of [], and a value like Cons(v,tl)
plays the role of v::tl. We can program recursive functions over these lists just
as we would the built-in ones. For example, here is the length function for the
my_string_list type:
We could even write functions that convert between my_string_list and the
built-in string list type:
Binary Trees
OCaml includes built-in syntax for lists, and we have already seen how we can
create a user-defined datatype that has the same structure as those built-in lists.
Lists are a very common pattern in programming because sequences of data occur
naturally in many settingsthe list of choices in a menu, the list of students taking
a course, the list of results generated by a search engine, etc..
In this chapter, we introduce another frequently occurring data structurethe
binary tree. Sometimes, such trees arise naturally from the problem domain: for
example the evolutionary tree that arises when a species evolves into two new
species. Other times, computer scientists use trees because they let us exploit an
ordering on data to efficiently search for the presence of an element in a large set
of possible values, as we will see below.
For the purposes of this Chapter, well consider a simple example of binary
trees. What is a binary tree? A binary tree is either Empty (meaning that it has no
elements in it), or it is a Node consisting of a left subtree, an integer label, and a right
subtree.
In OCaml, we can represent this datatype like so:
type tree =
| Empty
| Node of tree * int * tree
Figure 6.1 shows a picture of a typical binary tree. The root node is at the top
of the tree. A leaf is a node both of whos children are Emptythey appear at the
bottom of the tree in this picture.1 Any node that is not a leaf is sometimes called
an internal node of the tree.
The tree in Figure 6.1 is represented in OCaml by simply building up a value
1
For some reason, trees in computer science have their roots at the top and their leaves at the
bottom. . . unlike real trees.
5' %667'#68)'
3)='*>?7%))'
)DF7&'
A'?"#$%&'7%))'"*')"7;)%'!"#$%B'6%'$'&'(!'C"7;'$7'D6*7''
7C6'<;"38%)#B'?67;'6@'C;"<;'$%)'$3*6'?"#$%&'7%))*E'
Figure 6.1: The parts of a binary tree.
+,-./0'1'2$33'/0..' A)*!+,'"*'$'#68)'C;6*)'<;"38%)#'$%)'?67;'')DF7&E' .4'
from the tree constructors. The serial nature of text isnt very good at representing
the 2D picture, but you can still see how the picture corresponds to the OCaml
value:
let tree_fig_51 =
Node(Node(leaf 0,
2,
leaf 1),
3,
Node(leaf 3,
2,
leaf 1))
Note that the definition of the type tree is recursive, but, unlike the list
datatype we saw previously, there are two occurrences of tree within a Node. This
means that when we write a recursive function that computes with trees, it will in
general have two recursive calls.
Here are some simple examples that compute basic properties about a tree:
The size of a tree is the total number of nodes in the tree (ignoring the labels of
those nodes). A trees height is the length of the longest path from the root to any
leaf.
Different ways of processing a tree use can traverse the elements in different
orders, depending on the desired goal. Three canonical ways of traversing the tree
are in order (first the left child, then the node, then the right child), pre order (first
the node, then the left child, then the right), and post order (first the left child, then
the right child, then the node). We can write functions that enumerate the elements
of a tree in these orders by serializing the tree into a list:
This function first checks the root nodes value, x, to see if it is n. If so, the
answer is true (recall that OCamls boolean or operator || is short circuitingif its
left argument evaluates to true then the right-hand argument is never evaluated).
In the case that x <> n, the search continues recursively into first the left sub tree
and then the right subtree.
The function contains might, in the worst case, have to search through all the
nodes of the tree. In particular, when looking for an element n that isnt in the tree,
this search will continue until every node is examined. For a small tree, that isnt
such a problem, but in the case that the tree contains tens of thousands or millions
of elements, such a search can take a long time.
Can we do better? It depends on what the data in the tree is representing. If it is
the structure of the tree that matters or if there are patterns in the data of the nodes
of the tree, then we may not be able to improve the search processfor example,
it might be important that a certain element appears many times at various points
in the tree.
However, there is another common case: the nodes of the tree are intended to
be distinct labels, and what matters is whether a given label is present or absent
in the tree. In this case, we can think of the tree of nodes as representing the set of
node labels and the contains function as determining whether a given label is in
the set.
If we further assume that the labels can be linearly ordered (i.e. arranged on the
number line), it is possible to dramatically improve the performance of searching
the tree by exploiting that ordering. The basic idea is the same one underlying the
telephone book or a dictionaryarranging the data in a known order, for example
by alphabetical order, allows someone who is searching through the data to skip
over large irrelevant parts.
For example, when looking up the telephone number for a taxi cab, I might
flip open the phone book to the L section (probably in the lawyers) section.
Since I know that taxi comes after lawyer alphabetically, I dont even have to
bother to look earlier in the phone book. Instead, I flip much later, perhaps to the
R part, where I see restaurant listings. Since taxi is still later, I know I dont
have to look at the intervening pages. Flipping once more to the V section of
veterinarians, I now know to flip just a bit earlier, where I finally hit the T for
3#
:# ;# <=>*#>1&>#>1*#+/2#
,"?&-,&">@#1=)A#B=-##
>1,@#>-**C#
4# 7#
:# ;# ;#
5# 6# 8#
:#
9#
contains a given element, we can write a lookup function that only searches the
relevant parts of the tree.
Note the difference: lookup will only ever take either the left branch (if n is less
than the nodes label) or the right branch (if n is greater than the nodes label) when
searching the tree.
How much difference could this make in practice? Consider the case of a bi-
nary search tree containing a million distinctly labeled nodes. Then the contains
function will have to look at a million nodes to determine that an element is not in
the tree. In contrast, if the lookup function takes time proportional to the height of
the tree. In the good case when the tree is very full (i.e. almost all of the nodes have
two children), then the height is roughly logarithmic in the size of the tree1 . In the
case of a million nodes, this works out to approximately 20. Thus, doing a lookup
in a binary search tree will be about 50,000 times faster than using contains.2
1
A complete, balanced binary tree of height h has 2h 1 nodes, or, conversely if there are n
nodes, then the tree height is log2 n.
2
The assumption that the tree is nearly full and balanced is a big oneto ensure that this is
the case more sophisticated techniques (e.g. redblack trees) are needed. See CIS 121 if youre
interested in such datastructures.
The is_bst function uses these two helpers to directly encode the binary search
tree invariant as a program:
This solution isnt very satisfactory, though. It is very unlikely that some tree
we happen to obtain from somewhere actually satisfies the binary search tree in-
variant. Moreover, checking that the tree satisfies the invariant is pretty expensive.
A better way to construct a binary search tree, is to start with a simple binary
search tree like Empty, which trivially satisfies the invariant, and then insert or
delete nodes as desired to obtain a new binary search tree.
Each operation must preserve the binary search tree invariant: given a binary
search tree t as input, insert t n should produce a new binary search tree that
contains the same set of elements as t but additionally contains n. If t happens to
already contain n, then the resulting tree is just t itself.
How can we implement such an insertion function? The key idea is that insert-
ing a new element is just like searching for itif we happen to find the element
were trying to insert, then the result is just the input tree. On the other hand, if
the input tree does not already contain the element were trying to insert, then the
search will find a Empty tree, and we just need to replace that empty tree with a
new leaf node containing the inserted element. In code:
The code for insert exactly mirrors that of lookup, except that it returns a tree
at each stage rather than simply searching for the element. We have to check that
the resulting tree maintains the binary search tree invariant, but this is easy to see,
since we only ever insert a node n to the left of a node x when n is strictly less than
x. (And similarly for insertion into the right subtree.)
Deletion is more complex, because there are several cases to consider. If the
node we are trying to delete is not already in the tree, then delete can simply
return the original tree. On the other hand, if the node is in the tree, there are three
possibilities. First: the node to be deleted is a leaf. In that case, we simply remove
the leaf node by replacing it with Empty. Second, the node to be deleted has exactly
one child. This case too is easy to handle: we just replace the deleted node with
its child tree. The last case is when the node to be deleted has two non-empty
subtrees. The question is how delete the node while still maintaining the binary
search tree invariant.
This requires a bit of cleverness. Observe that the left subtree must be non-
empty, so it by definition contains a maximal element, call it m, that is still strictly
less than n, the node to be deleted. Note also that m is strictly less than all of the
nodes in the right subtree of n. Both of these properties follow from the binary
search tree invariant. We can therefore promote m to replace n in the resulting tree,
but we have to also remove m (which is guaranteed to be a leaf) at the same time.
Putting all of these observations together gives us the following code:
Consider these two functions that compute the lengths of either an int list
(length1) or a string list (length2):
Other than the type annotation on the argument l, both functions are identical
they follow exactly the same algorithm, independently of the kind of elements
stored in the lists.
Computing a list length is an example of a generic function. In this case, the
function is generic with respect to the type of list elements. Modern program-
ming languages like OCaml (and also including Java and C#) provide support for
writing such generic functions so that the same algorithm can be applied to many
different input types.
For example, to write one length function that will work for any list, we can
write:
The only difference between this generic version and the two above, is that the
type of the argument l is 'a list. Here the 'a is a type variable; a place holder for
types. The type of length says that it works for an input of type 'a list where 'a
can be instantiated to any type.
For example, given the definition above, we can pass length a list of integers
or a list of strings:
OCaml uses the type of the list passed in to length to figure out what the 'a
should be. In the first case, the type 'a is instantiated to int, in the second, 'a is
instantiated to string.
The length function doesnt need to do anything with the elements of the list,
but there are generic functions that can manipulate the list elements. For example,
here is how we can write a generic append function that will take two lists of the
same element type and compute the result of appending them:
(* generic append *)
let rec append (l1:'a list) (l2:'a list) : 'a list =
begin match l1 with
| [] -> l2
| h::tl -> h::(append tl l2)
end
Here there are a couple of observations to make. First, the type variable 'a
appears in the types of two different inputs (l1 and l2); this means that when-
ever OCaml figures out what type 'a stands for, it must agree with both list
argumentsit is not possible to call append with a int list as the first argument
and a string list as the second argument. Second, the result type of the function
also mentions 'a, which means that the element type of the resulting list is the
same as the element types of both the input lists. Finally, note that we can still use
pattern matching to manipulate generic data: since l1 has type 'a list we know
that inside the case for cons h must be of type 'a and tl itself has type 'a list.
Functions may be generic with respect to more than one type of value. For
example, below is a generic version of the zip function that we saw in 4.5 (the
version there worked only with inputs of type int list and string list):
Some examples of using zip show how it behaves the same no matter which
types the 'a and 'b variables are instantiated to:
We can make this into a generic binary tree type by adding a type parameter
like so:
Note the differences: we have generic type 'a tree that represents binary trees
all of whose nodes are contain values of type 'a. Different concrete instances of
such trees may instantiate the 'a variable differently. The type variable 'a is a type,
so it can be used as part of a tuple, as shown in the case for the Node constructor.
The recursive occurrences of tree must also be parameterized by the same 'a
this ensures that all of the subtrees of an 'a tree have nodes consistently labeled
by 'a values.
Here are some examples:
Node(Empty, 3, Empty) : int tree
Node(Empty, "abc", Empty) : string tree
Node(Node(Empty, (true, 3), Empty),
: (bool * int) tree
(false, 4), Empty)
Node(Node(Empty, 3, Empty), "abc", Empty) Error! ill-typed
Such generic datatypes can be computed with by pattern matching, just as we
saw earlier. In particular, the constructors of the datatype form the patterns, and
those patterns bind identifiers of the appropriate types within the branches. For
example, we can write a generic function that mirrors (i.e. recursively swaps left
and right subtrees) like this:
In the branch for the Node constructor, the identifiers lt and rt have type
'a tree and identifier x has type 'a. Since this function doesnt depend on any
particular properties of 'a it is truly generic.
This flexible re-use of code has another benefit: it means less work debugging
lots of specialized versions of the same thing. If we had to write a list length
function for every type of list element, then we would have to have many copies
of essentially the same program. Such code duplication becomes a nightmare to
maintain in larger-scale software systems. Imagine needing to keep twenty al-
most identical but not quite versions of the same function in syncif you find a
bug in one instance of the code, you have to patch it the same way in all nineteen
other instances.
First-class Functions
Then we can write the expression twice add_one 3, which will evaluate to the
value 5. To see why, we just follow the familiar rules of substitution:
twice add_one 3
7
add_one (add_one 3) substitute add_one for f and 3 for x in twice
7 add_one (3 + 1) substitute 3 for z in add_one
7 add_one 4 because 3+1= 4
7 4 + 1 substitute 4 for z in add_one
7 5 because 4+1= 5
This function takes an int as input and returns a function of type int -> int.
What does that function do? When it is called on some value x, it will compute the
result n + x.
How does this function evaluate? If we apply make_incrementor to 3, we can
compute as follows:
make_incrementor 3
7 let helper (x:int) = 3 + x in helper substitute 3 for n
At this point, we seem to get stuck: what value is computed for helper?
More puzzling is how to think about a function that takes more than one ar-
gument. Suppose we apply the function to only one inputwhat happens then?
Heres an example:
The function sum has type int -> int -> int. If we partially apply itgive it
only some of its inputsthen we can treat that partial application as a function! In
this case, since we partially apply sum to an integer x, we are left with a function
that expects only one input, namely y.
To explain how to compute with such partially applied functions and functions
as results, we need to introduce one new concept: the anonymous function. An
anonymous function is exactly what the term impliesit is a function without a
name. Using OCaml syntax, we can write an anonymous function like this:
Here, the keyword fun indicates that we are creating a value of function type. In
this case, the function takes one input called (x:int), and the body of the function
is the expression x+1.
We can write an anonymous version of the sum function above like this:
let sum : int -> int -> int = fun (x:int) (y:int) -> x + y
Note: The syntax for anonymous functions, unlike named functions, does not have a place
to write the return type. This is just an oddity of OCaml syntax; in practice OCaml can
always figure out what the return type should be anyway.
We can apply an anonymous function just like any other function, by writing it
next to its inputs and using parentheses to ensure proper grouping. We evaluate
anonymous function applications by substituting argument value for the param-
eter name in the body of the function. In the case that there is more than one
parameter, we simply keep around the fun ... -> ... parts until the function as
been fully applied (i.e. it has been applied to enough parameters.
For example, lets see how the anonymous version of sum evaluates when ap-
plied to just a single input:
(fun (x:int) (y:int) -> x + y) 3
7 (fun (y:int) -> 3 + y) substitute 3 for x
The resulting anonymous function is the answer of such a computation. Hav-
ing around anonymous functions means we can name such intermediate computa-
tions that result in functions. The fact that named definitions are just shorthand
for the let-named anonymous functions, means we can now see all of the steps in
a computation as simple substitution and primitive operations:
7 (substituting 3 for x)
7 (substituting 39 for y)
These functions are nearly identicaleach one processes the elements of the
input list of phone number entries in turn, projecting out either the name or the
number as appropriate.
We can reorganize this program to exploit that common structure by creating a
helper function parameterized by a function that says what to do with each entry:
let rec helper (f : entry -> 'a) (p : entry list) : 'a list =
begin match p with
| (entry::rest) -> f entry :: helper f rest
| [] -> []
end
After factoring out this common algorithm, we can then express get_names and
get_numbers in terms of this helper by remember that the fst function returns the
first element of a pair and the snd function returns the second element.
Now observe that the helper function doesnt really depend on the fact that it is
processing phone entries. We can further generalize by observing that the helper
can be made to work over all lists, regardless of their element types, by simply
giving f the right type. This leads to to the following function, called transform:1
1
In an unfortunate accident of fate, the transform function is more commonly called mapthe
let rec transform (f:'a -> 'b) (l:'a list) : 'b list =
begin match l with
| [] -> []
| h::tl -> (f h)::(transform f tl)
end
This list transformer applies the function f to each element of the input list and
returns the resulting listit transforms a list of 'a values into a list of 'b values.
Such transformations are extremely fundamental to any list-processing programs,
so this operation is very useful in practice. It also combines well with anonymous
functions, since you can pass an anonymous function as the argument f.
Lets look at some examples:
transform String.uppercase ["abc"; "dog"; "cat"]
= ["ABC"; "DOG"; "CAT"]
transform (fun (x:int) -> x+1) [1;2;3;4]
= [2;3;4;5]
transform (fun (x:int) -> x * x) [1;2;3;4]
= [1;4;9;16]
transform string_of_int [1;2;3]
= ["1"; "2"; "3"]
transform (fun (x:(int*int)) -> (fst x) + (snd x)) [(1,2); (3,4); (5,6)]
= [3; 7; 11]
intuition is that the function maps a given function across each element of the list. This use of the
word map is not to be confused with the abstract type of finite maps that we will see later in
10.3.
The comments in the code above indicate the common features of these func-
tions. For any function defined by structural recursion over lists, there are two
things to consider: First, what should the function return in the case that the list
is empty? This is called the base case of the recursion because it is where the chain
of recursive calls bottoms out. Second, assuming that you know the value com-
puted by the recursive call on the tail of the list, how do you combine that result
with the head of the list to compute the answer for the whole list?
In the case of the the list length function, for example, the base case says that
the empty list has length 0. The recursive case combines the value of the recursive
call length tl with the head of the list (which happens to be ignored) to compute
1 + (length tl).
For the exists function, which determines whether a list of bool values con-
tains true, the base case indicates that the empty list does not contain true (i.e.
the result is false). The recursive case computes the answer for the whole list
with head x and tail tl by simply returning true either when x is true or when
exists tl evaluates to truecombining the head with the recursive call is just
taking their logical or.
For reverse, the base case says that reversing the empty list is just the empty
list, and the recursive case says that we can combine the reversal of the tail with
x to obtain a completely reversed list by just appending [x] at then end of the
reversed tail.
So what? All three functions follow the same recursive pattern. We can expose
this common structure by creating a single function that is parameterized by the
base value and the combine operationthose are the only places where our three
examples differ.
Lets call this function foldit folds up a list into an answer by following
structural recursion. To make fold as generic as possible, lets consider imple-
menting it for an arbitrary list of type 'a list. The result type of a structurally
recursive function varies from application to application, so we expect the result
type of fold to be generic, and, as shown by the length and exists examples, it
could be different from the element type of the list were folding over. So, the re-
turn type of fold should be some type 'b. Those choices dictate the type of base
and combine: base must have type 'b since it is the answer for the empty list.
Similarly, combine takes the head element of the list, which has type 'a, and the
answer obtained from the recursive call on the tail of the list, which has type 'b,
and produces an answer, which must also be of type 'b.
These considerations lead us to this definition of fold:
let rec fold (combine:'a -> 'b -> 'b) (base:'b) (l:'a list) : 'b =
begin match l with
| [] -> base
| x::tl -> combine x (fold combine base tl)
end
Ive named the second parameter of the anonymous functions that get passed
as folds combine operation to remind us how that parameter is related to the re-
cursive callthere is no other particular significance to the choice of length_tl,
for example. We could equally well have written length2 like this:
Any function that you can write by by structural recursion can be expressed
using fold. Here, for example, is how to reimplement the transform function:
In this chapter we consider another mechanism for re-using code in different con-
texts: abstract types and modules. The key idea of an abstract type is to bundle
together the name of a fresh type together with operations for working with that
new type. This interface specifies all of the ways that values of the new type can
be created and used. The type is considered to be abstract because the interface
does not reveal details about how the type is implemented behind the scenes.
Instead, various code modules can each provide different implementations of the
same interface, perhaps with different performance characteristics.
{1, 2, 3, 4}
{a, b, c}
{(1, 2), (3, 4), (5, 6)}
Even though these sets are written using a list-like notation, the order of the
elements doesnt matter. That is, according to mathematics:
1 {1, 2, 3}
In math, we have various operations that operate on sets. For example, we can
combine two sets by taking their union, written S1 S2 , which is the set containing
exactly the elements found in either S1 or S2 :
How do we create a set and how do we manipulate the sets once we have them?
Here there are many possible design alternatives: we are looking for a simple list
of operations that will allow us to create and use sets flexibly. We certainly need a
way of creating an empty set, and it seems reasonable to be able to add an element
to or remove an element from an existing set. Taking a cue from mathematics, we
might also consider adding a union operation. It is also worth thinking about how
sets relate to other datatypes like lists: for example, we might want to be able to
1
Actually OCamls libraries do provide an implementation of sets in the Set module; here well
see how one could write this library oneself.
create a set out of a list of elements. Putting all of these considerations together,
we arrive at the following operations for creating sets:
for example. As we shall see, OCaml uses either a .mli file or a module type
signature. The commonality among these approaches is the ability to write down
a specification using the types of the operations in the module.
For the 'a set example above, if we look at only the types of each of the oper-
ations, we are left with this type signature:
Note that we are using the arrow notation to specify function types (see 2.7),
so we can read the type of add, for example, as a function that takes a value of
type 'a and and 'a set and returns an 'a set. Also note that, unlike an imple-
mentation, we use the keyword val (instead of let) to say that any module that
satisfies this interface will provide a named value of the appropriate type. So any
implementation of the set module must provide an add function with the type
mentioned above.
OCaml provides two ways of defining module interfaces. The first way is to
use OCaml modules corresponding to file names. In this style, we put the above
interface code in a file ending with the .mli extension, for example ListSet.mli,
and the implementation in a similarly-named .ml file, for example ListSet.ml.
The i part of the file extension stands for interface, and each OCaml .ml file is,
by default, associated with the correspondingly named .mli file.2
The second way to define an interface is to use an explicitly named module
type signature. For example, we might put the following type signature in a file
called MySet.ml:
2
In fact, if you dont create a .mli file for a given .ml file, the OCaml compiler will create one
for you by figuring out the most liberal interface it can for the given implementation. You may
have noticed these files appearing when you work with OCaml projects in Eclipse.
This program gives the name Set to the interface (a.k.a. module type) defined
by the signature between the sig and end keywords. Other code can appear before
or after this declaration, but it wont be considered part of the Set signature.
We can also create an explicitly-named module with a given interface using a
similar notation. Rather than put the code implementing each set operation in a
.ml file, we do this:
end
Here the keywords struct and end delineate the code that is considered to be
part of the LSet module. The advantage of having a named interface is that we can
re-use it in other contexts. For example, we might create a second, more efficient,
implementation of sets in a new module:
This can become burdensome, so OCaml also provides the open command,
which reveals all of the operations defined in a modules interface without the
need to use the ListSet. prefix. The following is equivalent to the above:
;; open ListSet
There is one gotchaif we use explicitly named modules, we still need to either
explicitly use dot notation for the implicitly defined module corresponding to the
filename. For example, if the Set interface and the two modules LSet and BSet
were all defined in the MySet.ml file, we could write:
end
for representing things like dictionarieshere the keys are words and the values
are their definitions. We could also use a finite map to capture the relationship
between a collection of students and their majors in college.
Using an informal notation, we might write down a finite map from students
to their majors like this:
Alice 7 CSCI
Bob 7 ESE
Chuck 7 FNCE
Don 7 BIOL
...
As with the sets, we can then think about which operations are needed to work
with finite maps. Clearly we need ways of creating finite maps, adding keyvalue
bindings to an existing map, looking up the value that corresponds to a key, etc..
After some thought, we might arrive at an interface for finite maps that looks
like this:
Our test cases might work with a few maps, constructed from the functions of
the map interface.
For example, these test cases can specify what happens when we look for keys
and access the associated values for keys that may or may not exist in the map.
Furthermore, the second map updates the value associated with the key 1. We
should be able access this new value.
Also as with sets, we can imagine many ways of concretely implementing such
a finite map interface. For example, we can represent the type ('k,'v) map as a
list of 'k*'v pairs, perhaps with an invariant that requires that the most recently
added value for a given key appears closer to the begining of the list. We could
also choose to implement finite maps using binary search trees, where we index
the nodes by the key component and also store a value with each key.
If we follow the first approach, we might end up with this implementation of
the interface above:
end
Consider the problem of computing the maximum integer from a list of integers.
At first sight, such a problem seems simplewe simply look at each element of
the list and retain the maximum. We can start to program this functionality very
straightforwardly by using the by-now-familiar list recursion pattern:
Unfortunately, this program doesnt have a good answer in the case that the list
is emptythere is no maximum element of the empty list.
What can we do? One possibility is to simply have the list_max function fail
whenever it is called on an empty list. This solution requires that we handle three
separate cases, as shown below:
The cases cover the empty list, the singleton list, and a list of two-or more ele-
ments. We have to separate out the singleton list as a special case because it is the
first length for which the list_max function is well defined.
This solution is OK, and can be very appropriate if we happen to know by
external reasoning that list_max will never be called on an empty lists. We saw
such use of failure in the tree_max function used to find the maximal element of
a nonempty binary search tree in 6. However, what if we cant guarantee that the
list_max function wont be called on an empty list? How else could we handle
this possibility without failing, and thereby aborting the program1
The problem is that list_max is an example of a partial functionit isnt well-
defined for all possible inputs. Other examples of partial functions that you have
encountered are the integer division operation, which isnt defined when dividing
by 0, and the Map.find function, which cant return a good value in the case that a
key isnt in its set of keyvalue bindings.
It turns out that we can do better than failing, and, moreover, we already have
all the tools needed. The idea is to create a datatype that explicitly represents the
absence of a value. We call this datatype the 'a option datatype, and it is defined
like this:
There are only two cases: either the value is missing, represented by the con-
structor None, or the value is present, represented by Some v. As with any other
datatype, we use pattern matching to determine which case occurs.
Option types are very useful for representing the lack of a particular value. For
a partial function like list_max, we can alter the return type to specify that the
result is optional. Doing so leads to an implementation like this:
As you can see, this implementation handles the same three cases as in the one
that uses failwith; the difference is that after the recursive call we must explic-
itly check (by pattern matching against the result) whether list_max tl is well
defined.
At first blush, this seems like a rather awkward programming style, and the
need to explicitly check for None versus Some v onerous. However, it is often possi-
1
OCaml, like Java and other modern languages, supports exceptions that can be caught and
handled to prevent the program from aborting in the case of a failure. Exceptions are another way
of dealing with partiality; we will cover them later in the course.
ble to write the program in such a way such checks can be avoided. For example,
here is a cleaner way to write the same list_max function by using fold:
The expression fold max x tl takes the maximum element from among those
in tl and x, which is always well-defined.
It is also worth pointing out that because the type 'a option is distinct from
the type 'a, it is never possible to introduce a bug by confusing themOCaml will
force the programmer to do a pattern match before being able to get at the 'a value
in an 'a option.
For example, suppose we wanted to find the sum of the maximum values of
each of two lists. We can write this program as:
Here we are forced to explicitly think about what to do in the case that both
lists are emptyhere we make the choice to make sum_two_maxes itself return
an int option. The option types prevent us from mistakenly trying to naively
do (list_max l1) + (list_max l2), which would result in a program crash (or
worse) if permitted.
In languages like C, C++, and Java that have a null value which can be given
any type, it is an extremely common mistake to conflate null, which should mean
the lack of a value, with an empty value of some type. For example, one might
try to represent the empty list as null. However, such conflation very often leads
to so-called null pointer exceptions that arise because some part of the program
treats a null as though it has type 'a, when it is really meant to be the None of an
'a option.
There is a big difference between the absence of a list and an empty list
it makes sense to insert an element into the empty list, for example, but it never
makes sense to insert an element into the absence of a list.
Sir Tony Hoare, Turing-award winner and a researcher scientist at Microsoft,
invented the idea of null in 1965 for a language called A LGOL W. He calls it his
billion-dollar mistake because of the amount of money the software industry has
spent fixing bugs that arise due to unfortunate confusion of the 'a and 'a option
types. Option datatypes provide a simple solution to this problem.
We will see that option types also play a crucial role when we study linked,
mutable datastructures in 16.
This Chapter studies a very uninteresting datatype: unit. This datatype is unin-
teresting because it contains exactly one value, called the unit value and written
(). However, although unit itself is uninteresting, it is still useful. Here we will see
why.
We have already seen unit in action in a couple of places. First, in OCaml,
every function takes exactly one argumentwe can use the unit type to indicate
that the argument is uninteresting:
Since there is only one value of type unit, we can omit the x:unit in the defini-
tion above, to obtain the equivalent:
let f () : int = 3
This function takes the unit argument and produces the value 3; it has type
unit -> int. We call it, as usual, by function application to the (only!) value of
type unit, like this: f ().
The unit value is first class, and we can use it in let bindings and pattern
matching like this:
let x : unit = ()
let y : string =
begin match x with
() -> "only one branch"
end
As with tuples (and other datatypes that require only one branch when pattern
matching), we can also pattern match in let and fun bindings:
We have been using functions that take unit inputs to write the test predicates
of the homework assignments, typically something like:
This program prints the string as a side effect and then binds the identifier ans
to the value 17. Note that ; is an infix operatoryou will get error messages if you
write a ; after the second expression.
As usual, we can nest expressions, and use them inside of local lets. This is
very useful for printing out information inside a function body, for example:
The values of the rgb type are records written using similar syntax:
Given one of these rgb values, we can access each field of the record using
dot notation: value.field. For example, to write a function that averages each
For example, we have cyan = {r=0; g=255; b=255}, namely a copy of the
blue value where the g field has been replaced by 255. Note that the with no-
tation encloses a record expression (like blue) inside curly-braces. We can cre-
ate a copy with more than one field replaced by listing each changed field:
{blue with g=17; r=17}.
In this color example, each field has the same type, but that doesnt have to
be the case. For example, we might create a record of employee data by doing
something like:
type employee = {
name : string;
age : int;
salary : int;
division : string
}
allows the possibility of efficient re-use of the computers memory, since modi-
fying a value in place doesnt require any copying or extra space. These features
combine to make it possible to implement algorithms that have strictly better space
requirements or performance characteristics than their pure, immutable counter-
parts.
However, although mutable state is powerful, it also requires us to radically
modify the model of computation that we use to reason about our programs be-
haviors. Since mutable state requires us to update a value in place we have to
explain where the place is that is being updated. This seemingly simple change
necessitates a much more complex view of the computers memory, and we can no
longer use the simple substitution model to understand how our programs evalu-
ate.
The new computation model, called the abstract stack machine, accounts for all
of the new behaviors introduced by adding mutable state. These include aliasing,
which lies at the heart of shared memory, and the non-local memory effects, which
make it harder to reason about programs.
It isnt too hard to modify the tree_max function to return both the maximum
value in the tree and a count of the number of times that it is called (including by
itself, recursively):
Now to modify the delete function itself, we have to thread through this
extra information about the count:
This is a bit clunky, but it gets even worse if we consider that code that uses the
delete2 method will have to be modified to keep track of the count too. For exam-
ple, before these modifications, we could have written a function that removes all
of the elements in a list from a tree very elegantly by using fold like this:
let delete_all (l: 'a list) (t: 'a tree) : 'a tree =
fold delete t l
After modifying delete to count the calls to tree_max, we now have the much
more verbose:
let delete_all2 (l: 'a list) (t: 'a tree) : 'a tree * int =
let combine (n:'a) (x:'a tree*int) : 'a tree * int =
let (delete_all_tl, cnt1) = x in
let (ans_t, cnt2) = delete2 n delete_all_tl in
(ans_t, cnt1+cnt2)
in
fold combine (t,0) l
Ugh!
Mutable state lets us sidestep having to change delete and the all of the code
that uses it. Instead, we can declare a global mutable counter, which only needs to
be incremented whenever tree_max is invoked. Lets see how to do this in OCaml:
Here, the type state is a record containing a single field called count. This field
is marked with the keyword mutable, which indicates that the value of this field
may be updated in place. We then create an instance of this record typeI have
chosen to call it global as a reminder that this state is available to be modified or
read anywhere in the remainder of the program. (Well see how to avoid such use
of global state below, see 17.)
The only change to the program we need to make is to update the global.count
at the beginning of the tree_max function. OCaml uses the notation record.field <- value
to mean that the (mutable) field component of the given record should be up-
dated to contain value. Such expressions are commandsthey return a unit value,
so the sequencing operator ; (see 12) is useful when working with imperative
updates.
Neither the delete nor the delete_all functions need to be modified. At any
point later in the program, we can find out how many times the tree_max function
has been called by by simply doing global.count. We can reset the count at any
time by simply doing global.count <- 0.
We can now easily create some points and move them around:
let p1 = {x=0;y=0}
let p2 = {x=17;y=17}
;; shift p1 12 13
;; shift p2 2 4
;; print_string (string_of_point p1) (* prints {x=12; y=13} *)
;; print_string (string_of_point p2) (* prints {x=19; y=21} *)
So far, so good.
Now consider this function, which simply sets the x coordinates of two points
and then returns the new coordinate of the first point:
What will this function return? The obvious answer is that since p1.x was
set to 17, the result of this function will always be 17. But thats wrong! Sometimes
this function can return 42. To see why, consider this example:
let p = {x=0;y=0} in
f p p (* f called with the same point for both arguments! *)
Calling f on the same point twice causes the identifiers p1 and p2 mentioned
in the body of f to be aliasesthese two identifiers are different names for the same
mutable record.
A more explicit way of showing the same thing is to consider the difference
between these two tests:
Aliasing like that illustrated above shows how programs with mutable state
can be subtle to reason aboutin general the programmer has to know something
about which identifiers might be aliases in order to understand the behavior of
the program. For small examples like those above, this isnt too difficult, but the
problem becomes much harder as the size of the program grows. The two points
passed to a function like f might themselves have been obtained by some compli-
cated computation, the outcome of which might determine whether or not aliases
are provided as inputs.
Such examples also motivate the need for a different model of computation,
one that takes into account the places affected by mutable updates. If we blindly
follow the substitution model that has served us so well thus far, we obtain the
wrong answer! Here is an example:
let p1 = {x=0;y=0}
let p2 = p1 (* create an alias! *)
let ans = p2.x <- 17; p1.x
let p1 = {x=0;y=0}
let p2 = {x=0;y=0} (* alias information is lost *)
let ans = p2.x <- 17; {x=0;y=0}.x
let p1 = {x=0;y=0}
let p2 = {x=0;y=0}
let ans = {x=0;y=0}.x <- 17; {x=0;y=0}.x
let p1 = {x=0;y=0}
let p2 = {x=0;y=0}
let ans = ignore({x=17;y=0}); {x=0;y=0}.x
let p1 = {x=0;y=0}
let p2 = {x=0;y=0}
let ans =(); {x=0;y=0}.x
let p1 = {x=0;y=0}
let p2 = {x=0;y=0}
let ans = {x=0;y=0}.x
let p1 = {x=0;y=0}
let p2 = {x=0;y=0}
let ans = 0 (* WRONG *)
The next chapter develops a computation model, called the abstract stack ma-
chine, suitable for explaining the correct behavior of this and all other examples.
We saw in the last chapter that the simple substitution model of computation
breaks down in the presence of mutable state. This chapter presents a more de-
tailed model of computation, called the abstract stack machine that lets us faithfully
model programs even in the presence of mutable state. While we develop this
model in the context of explaining OCaml programs, small variants of it can be
used to understand the behaviors of programs written in almost any other mod-
ern programming language, including Java, C, C++, or C#. The abstract stack ma-
chine (abbreviated ASM) is therefore an important tool for thinking about software
behavior.
The crucial distinction between the ASM and the simple substitution model
presented earlier is that the ASM properly accounts for the locations of data in the
computers memory. Modeling such spatial locality is essential, precisely because
mutable update modifies some part of the computers memory in placethe no-
tion of where an update occurs is therefore necessary. As we shall see, the ASM
gives an accurate picture of how OCaml (and other type-safe, garbage-collected
languages like Java and C#) represents data structures internally, which helps us
predict how much space a program will need and how fast it will run.
Despite this added realism, the ASM is still abstractit hides many of the de-
tails of the computers actual memory structure and representation of data. The
level of detail present in the ASM is chosen so that we can understand the behavior
of programs in a way that doesnt depend on the underlying computer hardware,
operating system, or other low-level details about memory. Such details might be
needed to understand C or C++ programs for example, which arent type-safe and
require programmers to manually manage memory allocation.
values, which are finished results such as integers (e.g. 0,1, . . . ), tu-
ples of values (e.g. (1,(2,3))), records (e.g. {x=0; y=1}), functions (e.g.
(fun (x:int) -> x + 1)), or constructors applied to values (e.g. Cons(3,Nil)).
The workspace keeps track of the expression or command that the computer
is currently simplifying. As the program evaluates, the contents of the
workspace change to reflect the progress being made by the computation.
The stack keeps track of a sequence of bindings that map identifiers to their
values. New bindings are added to the stack when the let expression is
simplified. Later, when an identifier is encountered during simplification, its
associated value can be found by looking in the stack. The stack also keeps
track of partially simplified expressions that are waiting for the results of
function calls to be computed.
The heap models the computers memory, which is used for storage of non-
primitive data values. It specifies (abstractly) where data structures reside,
and shows how they reference one another.
Figure 15.1 shows these three parts of an ASM in action. The sections below
explain each of these pieces in more detail and explains how they work together.
First, however, we need to understand how the ASM represents its values.
( )! Nil!
Cons! 1!
'(&
Nil!
'6&
Cons! 3!
Cons! 2!
Figure 15.1: A picture of an Abstract Stack Machine in mid evaluation of a list operation
45/(678&/%*92:&67((&
append a b. The code in the workspace is preparing to look up the value of the local identi-
fier l1 in the stack (as indicated by the underline) before proceeding on to do a pattern match. The
stack contains bindings for all of the identifiers introduced to this point, including append and the
two lists a and b. It also has a saved workspace, which is there because append is recursive, and
bindings for l1 and l2. The stack values are themselves references into the heap, which stores
both code (for the body of the append function itself), and the list structures built from Cons and
Nil cells. The arrows are references, as explained in 15.2.
@1/&'/&'"',%+%,%(-%''
Cons! 3! Nil!
3"#$%;'
B0'&/(-02+06' @1/&',%+%,%(-%'3"#$%'
01/&'#6-"C6('' :6/(0&'06'01%'#6-"C6('
-6(0"/(/(5'"'D6(&'-%##' 6+'"'E/#'-%##''
!"#$%&'("))*+,$
Figure 15.2: A pictorial representation of reference values.
Figure 15.3: The state of the ASM just before it creates the stack binding for p2. Note that p2 is
an alias of p1they both point to the same record of the heap.
A record contains a value for each of its fields. Unlike constructor cells, the
field names of a record dont actually take up space in the heap, but we mark
them anyway to help us do book keeping. We mark mutable record fields
using a doubled box, as shown, for example, by the record of type point in
Figure 15.3. Such a mutable field is the place where an in-place update
3415678$1'(*,9$6755$
occurs, as we shall see below.
A function, which is just an anonymous function value of the form (fun (x1:t1) ... (xn:tn
Figure 15.1 shows that the stack binding for append is a reference to the code
for the append function itself.1
1
We will have to refine this notion of heap-allocated functions slightly to account for local func-
tions. See 17.1 for details.
Figure 15.4: The real computer memory (left) is just an array of 32-bit words, each of which has
an address given by the index into the array. The ASM provides an abstract view of this memory
(right) in which the exact address of a piece of heap-allocated data is hidden. Constructor tags are
just arbitrary 32-bit integers chosen by the compilerin this example, the tag for Cons is 120120120
and the tag for Nil is 42. Constructor data is laid out contiguously in memory, and a reference is
just the address of some other word of memory. Again, the ASM hides these representation details.
let x = 10 + 12 in
let y = 2 + x in
if x > 23 then 3 else 4
Figure 15.5 shows the initial configuration of the ASM for this example.
The basic rules for simplification are:
!"#$%"&'()*+,
Figure 15.5: The initial state of the ASM starts with the workspace containing the entire program,
and the stack and heap both empty.
Figure 15.6: The example from Figure 15.5 after several steps of simplification. There is a binding
of x to 22 in the stack, and the expression 2 + 22 is ready to simplify next.
45!6789,!$."+:,7866,
ments are values. Primitive operations are simplified by replacing the expres-
sion with its result. This is exactly as we have seen previously. For example,
the expression 10 + 12 = 22, so we replace 10 + 12 by 22.
Figure 15.6 shows the example program after several steps of simplification
according to these rules. The ASM lecture slides show the full sequence of simpli-
fication steps for this example, which results in computing the value 4.
;, 7<,
Figure 15.7: An example of how proper shadowing is implemented in the ASM. The value of the
ready variable x will be found by searching the stack from most recent (x maps to 24) to least recent
(x maps to 22).
let x = 22 in
let x = 2 + x in
if x > 23 then 3 else 4
Figure 15.7 shows the state of the ASM when the variable x of the conditional
45!6789,!$."+:,7866,
expression is ready to be looked up in the stack. There are two bindings for x,
but the most recent one (i.e. the one closest to the bottom) will be used, which is
consistent with shadowing.
The sequence of bindings is called a stack because we only ever push elements
on to the stack and then pop them off in a last-in-first-out (LIFO) manner. This is
just like a stack of dinner platesits easy to put more on top or take away the
last one put there, but its hard to remove one in the middle. (For some reason,
computer scientists stacks are often drawn with their top toward the bottom of
the page as we show in the ASM diagrams; this is bizarre, but at least consistent
with trees having their leaves at the bottom and roots at the top.)
Treating let-bound identifiers using a stack discipline ensures that the most
recently defined value for a given identifier name will be used during the compu-
tation. Below we will see how the ASM pops bindings as part of returning a value
computed by a function call.
Cons! 3!
Figure 15.8: The ASM in the process of evaluating the expression 1::2::3::[], which we could
rewrite equivalently as Cons(1, Cons(2, Cons(3, Nil))). Here, the Nil and Cons(3,_)
cells have already been allocated in the heap, and the ASM is ready to allocate the Cons(2,_) cell.
A constructor (like Cons or Nil) is ready if all of its arguments are values. A
constructor expression is simplified by allocating a heap cell with the con-
structor tag and its arguments as data and then replacing the constructor
expression with this newly created reference.
Figure 15.8 shows the ASM part way through evaluating the list expression
1::2::3::[]. Each use of the :: operator causes the ASM to allocate a new Cons
cell in the heap. The ASM lecture slides show the full animation of the ASM for
this 45!6789,!$."+:,7866,
example.
Simplifying a match expression of the following shape is pretty straight for-
ward:
The append example from the ASM lecture slides shows in detail the use of
pattern match simplification.
Figure 15.9: The ASM after moving a function value to the heap. It is ready to create a binding,
named add1 to the reference.
Simplifying functions
There are three parts to simplifying functions: moving function values to the heap,
calling a function, and returning a value computed by a function to some enclosing
workspace.
The first of these steps is very straight forward. Recall from 9.1 that top-level
function declarations are just short hand for naming an anonymous function. For
example, the following are equivalent ways of defining add1:
and
The ASM therefore simplifies the first expression to the second before proceed-
ing. Since anonymous functions like (fun (x:int) : int -> x + 1) are one of the
three kinds of heap data (see 15.2), the ASM just moves the fun value to the heap
and replaces the fun expression with the newly created reference. The ASM then
follows the usual rules for let simplification to create a binding for the function
name on the stack. Figure 15.9 shows how the example program above looks after
following these simplification rules.
Simplifying function call expressions is more difficult. The issue is that, in gen-
eral, the function call may itself be nested within a larger expression that will re-
quire further simplification after the function returns its computed value. To model
this situation faithfully, the ASM must therefore keep track of where in the sur-
rounding expression the value computed by a function call should be returned to
once the function is done.
In the example program above, after creating a binding for add1 on the stack, we
reach a situation in which the workspace contains the expression add1 (add1 0).
We can simplify the innermost add1 by looking up the reference in the stack as
add1 (
(add1)0)! !
>' :'
Figure 15.10: The ASM just after the call to the inner add1 has been simplified. The stack contains
a saved workspace whose hole marks where the answer of this function call should be returned. It
also contains a binding for the add1 functions argument x.
usual. Then were ready to do the function callin general, a function call is ready
to simplify if the function is a reference and all of its arguments are values. Suppose
that we magically knew that the answer computed by add1 0 was going to be a
value ANSWER. Then the we should eventually simplify workspace by replacing
inner function call, (add1 0), with ANSWER to obtain a new workspace add1 ANSWER.
67(89:;'(+0)#<'9:88'
To achieve that goal, the ASM simplifies a function call like this:
First it saves the current workspace to the stack, marking the spot where the
ANSWER should go with a hole. In our example, since the original workspace
was ans1 (ans1 0), the saved workspace when doing the inner call will be
ans1 (____), where the ____ marks the hole to which the answer will be re-
turned.
Second, the ASM adds new stack bindings for each of the called functions pa-
rameters. Suppose that the function being called has the shape fun (x1:t1) ... (xN:tN) -> body
in the heap and it is being called with the arguments v1 . . . vK.3 Then there will be
stack bindings added for x1 7 v1 . . . xJ 7 vJ. In our running example, the add1
function takes only one argument called x, so only one binding will be added to
the stack.
Third, the workspace is replaced by the body of the function.4
Figure 15.10 shows the state of the ASM just after the inner call to add1 has been
simplified.
Once the function call has been initiated and the function body is in the
workspace, simplification continues as usual. This process may involve adding
more bindings to the stack, doing yet more function calls, or allocating new data
3
In general there can be fewer arguments than the function requires, which corresponds to the
case of partial application.
4
In the case of partial application, the workspace is replaced by a fun expression of the form
fun (xL:tL) .. (xN:tN) -> body, where L is J+1. To properly continue simplification will,
in this case, require the use of a closure. See 17.1.
let rec append (l1: 'a list) (l2: 'a list) : 'a list =
begin match l1 with
| Nil -> l2
| Cons(h, t) -> Cons(h, append t l2)
end in
append a b
Figure 15.11: The state of the ASM just before doing the imperative update to the p2.x field.
Note that p1 and p2 are aliasesthey point to the same record in the heap.
Figure 15.12: The ASM after doing the imperative update shown in Figure 15.11. It is clear that
running p1.x from this state will yield 17.
We can now see how the ASM correct the deficiencies of the substitution model.
Recall the following example, which computed to the incorrect answer 0 when we
used the substitution model (see 14.2)
67489:;&41/#%$&9:88&
140 The Abstract Stack Machine
Figure 15.13: The references r1 and r2 are not aliases. So the test r1 == r2 returns false. On
the other hand r2 and r3 do alias so the test r2 == r3 returns true. All of these reference values
are structurally equal, so r1 = r2 also returns true.
let p1 = {x=0;y=0}
let p2 = p1 (* create an alias! *)
let ans = p2.x <- 17; p1.x
After creating the stack bindings for p1 and p2, the resulting ASM configuration
will be that shown in Figure 15.11. It is clear that p1 and p2 are aliasesthey point
to the same record in the heap. Modifying the x field via the p2 reference, therefore
also modifies the x field of the p1 referencethey are the same field. Figure 15.12
shows the effect of doing the update; it is clear that the ASM will eventually com-
pute 17 as the (correct) answer for this program.
let x1 = [1;2;3]
let x2 = [1;2] @ [3]
;; run_test "structural equality: lists" (fun () -> x1 = x2)
On the other hand, two lists (even though they are not mutable) will not be
referentially equal if they are not stored at the same location.
let x1 = [1;2;3]
let x2 = [1;2;3]
;; run_test "reference equality: lists"
(fun () -> not (x1 == x2))
In this chapter, we consider how to use mutable state to build imperative linked
data structures in the heap. Why would we want to do that? The pure datatypes,
like lists and trees, that we have studied so far all have a simple recursive structure:
we build bigger structures out of already existing smaller structures. A con-
sequence of that way of structuring data is that we cant easily modify distant
parts of the data structure. For example, when we implement the snoc function,
which adds an element to the end of a list, we were forced to do this:
If we examine the behavior of the function call snoc v l using the ASM, we can
see that snoc copies the entire list l (because it uses the :: operator) after creating a
new list to hold the value v. This means that adding a single element to the tail of
the list costs time proportional to the length of the list, and, since l is duplicated,
twice as much heap space will be used.
Sometimes this persistent nature of pure lists is usefulfor example, if we
needed to use both l and the result of snoc v l, we might have to create the copy
anyway (which always takes time proportional to the length of l). However, in
many situations it would be more efficient and simpler to just be able to add an
element to the tail of the list directly. We can do that by creating a data structure
that is similar to a list, but that uses mutable references to link together nodes. By
keeping two references, one to the head and one to the tail, we can then efficiently
update the structure at either end.
The resulting structure is called a queue because one common mode of use is
to enqueue (add) elements to the tail of the queue and dequeue (remove) them from
the head. (Think of people waiting in line for concert tickets.) Queues are used in
many situations where lists can be used, but they also serve as a key component
in work list algorithms (where they keep track of tasks remaining to be done),
networking applications (where they buffer requests to be handled on a first-come,
first-served basis), and search algorithms (where they keep track of what part of
some space to explore next).
The design criteria above suggest that we use the following interface for a
queue module:
None!
head!
tail! None!
/'%#0,(1%2"#"#%
Some!
head! v! 1!
tail! next!
Some! None!
/%2"#"#%3&()%4'#%#5#0#'(%
Some!
head! v! 1! v! 2!
Some! None!
tail! next! next!
Some!
/%2"#"#%3&()%(34%#5#0#'($%
-.%
Figure 16.1: Several example queues as they would appear in the heap. Note that the frequent
use of options motivates the need for some visual shorthand. See Figure 16.2 for a more compact
way of drawing such linked structures.
...
end
Figure 16.1 shows several examples of queue values as they would appear in
the heap of the ASM. As shown in these examples, the proliferation of Some and
None constructors in the heap creates a lot of visual clutter. Although it is necessary
to acknowledge their existence (especially since the type of a reference to Some v is
different from that of a reference to just v itself), it is useful to present these draw-
ings in a more compact way. Figure 16.2 shows the same three queue structures
represented using visual shorthand for None and Some constructors in the heap.
As you can see, the basic structure of a queue is a linear sequence of qnodes,
each of which has a next pointer to its successor. The tail element of the queue has
its next field set to None. For the empty queue, both the head and tail are None, for
a singleton queue, the head and tail both point to the same qnode, and for a queue
0-'2@7,A'B$2$2' None!
@2%-#'
head! v! 1!
tail! next!
0'B$2$2'C",)'*-2'2&2@2-,'
head! v! 1! v! 2!
tail! next! next!
0'B$2$2'C",)',C*'2&2@2-,#'
89(:;<'='>%&&';<::' :?'
Figure 16.2: The queue structures from Figure 16.1 drawn using a visual short-hand in which
references to None are represented by a slash and references to Some v are drawn as an arrow to a
Some bubble, which gives a handle to the underlying value v.
with more than one element, the head and tail point to the first and last elements,
respectively.
head! v! 1!
tail! next!
:,*;(<&(=#>,?(.*<+(<&(3#@,(>(
head! v! 1!
tail! next!
:,*;(<&(3#@,?(.*<+(<&(=#>,(
head! v! 1! v! 2!
tail! next! next!
!"#$%&"'()%int queue)!
.*<+(<&(>#.(A,*B:*C+,(-A#@(.:,(:,*;(
123456(7(8*++(5644( 49(
head! v! 1! v! 2! v! 2!
5263%7"$)895%:"685%5"%5;$%32)5%$3$<$85%"=%5;$%>($($%
head! v! 1! v! 2!
tail! next! next!
5;$%368?)%@"85268%2%!"!#$A%
Figure 16.3: Several examples of bogus heap structures that conform to the queue datatypes. The
queue invariants rule out all of these examples (and many more).
*+,-./%0%1233%./--% -4%
CIS 120 Lecture Notes Draft of August 30, 2016
148 Linked Structures: Queues
The first part of the invariant ensures that there is a unique way of representing
the empty queue. The second part applies if the queue is non-empty. It says that
tail actually points to the tail element, and that this n2 is reachable from the head.
Together these latter invariants imply that there are no cycles in the link structure
and that the queue itself is connected in the sense that all nodes are reachable
from the head.
It is easy to verify that each of the bogus queue examples from Figure 16.3 can
be ruled out by these invariants as ill-formed. Therefore, as long as we are careful
that our queue manipulation functions establish these invariants when creating
queues and preserve them when modifying an existing queue, we may also as-
sume that any queues passed in to the Q module already conform to the invariants.
As always, this reasoning is justified because the type 'a queue is abstractthe
type definition is not exported in the module interface (see 10).
Note that, due to the queue invariants, we could have equally well chosen to
check whether q.tail = None in is_empty, and we never have to check both. By
assumption, either both q.head and q.tail are None or neither is.
How do we add an element at the tail of the queue? If the queue is empty, we
simple create a new internal queue node and then update both the head and tail
pointers to refer to it. If the queue is non-empty, then we need to create a new
queue node. By virtue of the fact that it will be the new tail, we know that its next
pointer should be None. To maintain the queue invariants, we must also modify
the old tail nodes next field to point to the newly created node:
Note that enq returns unit as its resultthis function is a command that imper-
atively (destructively) modifies an existing queue. After the update, the old queue
is no longer available.
Removing an element from the front of the queue is almost as easy. If the queue
is empty, the function simply fails. Otherwise, head is adjusted to point to the next
node in the sequence. One might therefore think that the correct implementation
of deq is:
One simple way to implement this function is to directly translate the recursive
definition of length that we are familiar with for immutable lists to the datatype
of queues. Since the linked structure of the queues is given by the sequence
of qnode values and the queue itself consists of just the head and tail pointers,
we need to decompose the length operation into two pieces: one part that uses
recursion as usual to process the qnodes and one part that deals with the actual
queue type itself. (Note that this is yet another place where the structure of the
types guides the code that we write.)
We can therefore write length like this:
In this code, the helper function loop recursively follows the sequence of qnode
values along their next pointers until the last node is found. Note that this function
implicitly assumes that the queue invariants hold, since a cycle in the next pointers
would cause the program to go into an infinite loop.
Although this program will compute the right answer, it is still somehow un-
satisfactory: if we observe the behavior of a call to this version of length by using
the ASM, we can see that the height of the stack portion of the ASM state is pro-
portional to the length of the queueeach recursive call to loop will save a copy
of the workspace consisting of 1 + (____) and create a new binding for the copy
of no. The queue lecture slides give a complete animation of the ASM for such an
example.1
It seems awfully wasteful to use up so much space just to count the number of
elements in the queuewhy not just talk down the queue, keeping a running total
of the number of nodes weve seen so far? This version of length requires a slight
modification to the loop helper function to allow it to keep track of the count:
Why is this better? At first glance, it seems that we are stuck with the same
problems as with the recursive version above. However, note that in this version
of the code, the workspace pushed on to the stack at the recursive call to loop will
always be of the form (____). That is, after the call to loop in the Some n branch
of the match, there is no more work left to be done (in contrast, the first version
1
To be fair, this same criticism applies to the recursive version of length for immutable lists that
we studied earlier.
always pushed workspaces of the form 1 + (____), which has a pending addition
operation). If we watch the behavior of this program in the ASM, we see that
the ASM will always perform a long series of stack pops, restoring these empty
workspaces when loop finally returns the len value in the None branch.
The observation that we will always immediately pop the stack after restoring
an empty workspace suggests a way to optimize the ASM behavior: there is no
need to push an empty workspace when we do such a function call since it will be
immediately popped anyway. Moreover, at the time when we would have pushed
an empty workspace, we can also eagerly pop any stack bindings created since the
last non-empty workspace was pushed. Why? Since the workspace is empty, we
know that none of those stack bindings will be needed again.
We say that a function call that would result in pushing an empty workspace
is in a tail call2 position. The ASM optimizes such functions as described above
it doesnt push the (empty) workspace, and it eagerly pops off stack bindings.
This process is called tail call optimization, and it is frequently used in functional
programming.
Why is tail call optimization such a big deal? It effectively turns recursion into
iteration. Imperative programming languages include for and while loops that are
used to iterate a fragment of code multiple times. The essence of such iteration is
that only a constant amount of stack space is used and that parts of the program
state are updated each time around the loop, both to accumulate an answer and to
determine when the loop should finish.
In the iterative version of the queue length function shown above, the extra len
argument is incremented at each call. If we see how the ASM stack behaves when
using tail call optimizations, each such call to loop essentially modifies the stack
bindings in place. That is, at every call to loop, there will be one stack binding
for no and one stack binding for len3 . Since, under tail call optimizations, those
two old bindings will be popped and the two new bindings for no and len will be
pushed each time loop is called, the net effect is the same as imperatively updating
the stack. The queue lecture slides give a detailed animation of this behavior in the
ASM.
The upshot is that writing a loop using tail calls is exactly the same as writing
a while loop in a language like Java, C, or C++. Indeed, tail calls subsume even
the break and continue keywords that are used to jump out of while loopsthe
break keyword corresponds to just returning an answer from the loop, and the
2
The word tail in this definition is not to be confused with the tail of a queue. The tail in
tail call means that the function call occurs at the end of the function body. Note, however, that
very often when writing loops over queues you will want a tail call whose argument is towards the
tail of the queue, relative to the current node being visited.
3
And, technically, one for the loop function itself, which is saved in the closure for the loop
code when it is moved to the heap.
In this example, the loop doesnt produce any interesting outputit simply
walks down the queue nodes, converts each value to a string, and prints out that
string. Note that the call to loop in the Some n branch is in a tail-call position: the
print_endline will be be done before the loop. The print function enters the loop
by calling loop q.headthis means that the loop will start traversing the queue
from the head.
Next, lets try writing a function that converts a queue to a list. Here the loop
function will return an 'a list, which is built up as the loop traverses over the
sequence of nodes. Therefore the loop function itself needs an extra argument in
which to accumulate this answer.
Our first instinct might be to do this:
Since we are building up the accumulator list l from the head of the queue to
the tail, we need to add each nodes value to the end of l (as shown by the use of
@ in the recursive call). When loop has reached the end of the sequence of nodes
(the None case), it simply returns the resulting list. Note that we provide the empty
list [] as the second argument when we start the loopthis says that the initial
value of the accumulator list is [].
However, this implementation isnt that great because, as we saw before the
append operation takes time proportional to the length of l. Since we use it on l,
which increases in length each time around the loop, this algorithm will end up
taking roughly n2 time, where n is the length of the queue.
A better way to structure this program is to build up the accumulator list in
reverse order during the loop, and then reverse the entire thing only once at the
end. This leads us to this variant, which will take time proportional to the length
of the queue:
Here we simply cons the node value to the front of the accumulator list l, but
then use the library call List.rev to reverse the list when the loop is done (in the
None branch).
We can rewrite many of the list-processing functions that used recursion to take
advantage of tail-recursive loops. For example, we can sum the elements of an
int queue using this function:
Again the accumulator that changes at each iteration of the loop is the running
total, here called sum.4 When the loop terminates, we simply return the sum, at each
iteration we increase the sum parameter by n.v. As before, we have to initialize the
value of sum to 0 by calling the loop on q.head and 0.
It is instructive to compare these iterative functions to the recursive ones we are
already familiar with. For example, here is the recursive version of sum_list that
we have seen previously, where I have used suggestive names for the head and tail
of the list:
We can see that in the recursive solution the base case computes the length of
the empty list, which is 0. In contrast, the iterative version initializes the accumu-
lator to 0 in the call to loopthe base case is analogous to the initial value of the
accumulator. The recursive version does the addition after recursively computing
the sum of the next part of the list, while the iterative version does the addition
before it jumps back to the start of the loop.
4
In fact the term accumulator comes from thinking of the extra argument of the loop function
as a running total begin accumulated.
This program mistakenly calls loop with the same qn each time in the body of the
Some branch. When we run it on a non-empty queue, the program will just hang,
producing no output and no error message. This kind of error can be frustrating to
recognizemake sure that your programs actually terminate when you run them.
A second way in which an iterative program can go into an infinite loop is if
the link structure being traversed contains a cycle. This could occur, for example,
if a value of type 'a queue that doesnt satisfy the queue invariants is passed to a
function that expects the queue invariants to hold.
In some circumstances, we can plan for the possibility of cyclic data structures
and check to see whether the function has detected a cycle. For example, suppose
that you wanted to write a function that, given a possibly invalid queue (i.e. one
that doesnt necessarily satisfy the queue invariant) returns the last node that can
be reached by following next pointers from the head. (You might want to imple-
ment such a function to check whether a given queue satisfies the invariantsthe
last element reachable from the head should be pointed to by the tail.)
Here is a function that accomplishes this task:
If we tried to write this function in the naive way shown below, calling it with
a invalid cyclic queue would cause the program to loop silently:
Local State
This Chapter explores some ways of packaging state with functions that operate on
that state. Such encapsulation, or local state, provides a way to restrict some parts
of the program from tampering with mutable values. By sharing a piece of local
state among several functions, we can profitably exploit the action at a distance
that mutable references provide.
Recall the motivating example from 14 in which a global identifier with the
mutable field count let us neatly keep track of how many times the tree_max func-
tion had been called. There are several drawbacks of using a single, global refer-
ence. First, if we want to have multiple different counters, each of which is used
to track the usage of a different function, we have to name each of the counters at
the top level of the program. Whats worse, each function that uses such a counter
would need to have to be modified in a slightly different waywe might have to
write global1.count <- global1.count + 1 in one function and the nearly iden-
tical global2.count <- global2.count +1 in another function. Supposing that we
might also sometimes want to decrement the counters, or reset them to 0 at various
points throughout the program, keeping track of which global identifier to use can
quickly become quite a hassle.
The key idea in solving this problem is to use first-class functions combined
with local mutable state. As a first step, lets first isolate the main functionality of
a counter. The code below shows an incr function, which (for now) increases the
count of the global counter by 1 and then returns the new count:
How do first-class functions and local state apply here? The problem is that to
have more than one counter, we need to generate a new mutable state record for
each counter instance. We can do that by making a function that creates the state
and then returns the incr function that updates the state:
Each time we call the mk_incr function, the result will be to create a new counter
record ctr and then return a function for incrementing that counter. For example,
if were to run the following program, we would get two incr functions, each with
its own local counter:
17.1 Closures
To understand how a call to the mk_incr function evaluates, we need to make one
slight refinement to the ASM model of 15the reason has to deal with returning
a function that refers to locally-defined identifiers. In our particular example, the
incr function returned by mk_incr refers to ctr, which is local to mk_incr. There-
fore, the ctr binding will be created on the stack during the evaluation of a call to
mk_incr, but that binding will be popped off at the point where mk_incr returns!
To remedy this problem, when the ASM stores a function value to the heap, it
also stores any of the local stack bindings that might be needed during the eval-
uation of a call to that function. In this example, since the body of incr refers to
ctr, the ASM stores a local copy of the stack binding for ctr with the function data
itself. Figure 17.1 shows the state of the ASM at the point just after incr has been
stored to the heap but before mk_incr returns. When ctr is popped off the stack,
the function incr will still be able to access its value via the locally saved binding.
This combination of a function with some local bindings is called a closure. As we
shall see, closures are intimately related to objects of an object-oriented language
like Java.
#2-&
count! 0!
#2-&
fun () ->!
ctr.count <- ctr.count + 1;!
ctr.count!
>?@AB&&,0&)00C&")0&-0D)0<0)2&
Figure 17.1: This ASM shows how the local function declared
R+"&M0&+$S0&$&#"/H&"F&2E0&&
in mk_incr stores its own local
copy2"&E$)C%0&%"#$%&F()#*")+G&,EHI&
of the stack bindings needed to evaluate its body. Here, since the incr function uses ctr, its
)00C0C&+2$#.&O:)C:);+&M:2E&
closure contains a copy of that stack binding. 2E0&F()#*")&:2+0%FG&&N@E:+&:+&
@E0&F()#*")&<0)*")+&J#2-KL&ME:#E& +"<0*<0+&#$%%0C&$&!"#$%&'RQ&
:+&")&2E0&+2$#.&NO(2&$O"(2&2"&O0&
When do the bindings associated with a closure get used? They are needed to
/"//0C&"PQR&
evaluate the body of the function, so, whenever a function invocation occurs, any
4516789&1/-:);&7866&
local bindings stored in the function closure are copied back to the stack before the
functions argument bindings are created.
Therefore, when we the program above calls incr1 (), the ctr value will be
copied back on to the stack before the body of the function is executed. This ensure
that when the body mentions ctr, there is always the appropriate binding on the
stack.
Moreover, since each copy of the function has its own closure bindings, multiple
calls to mk_incr will result in distinct closures, each with different, local copies of
their own counter records. We can see this by looking at the state of the ASM after
running the second call to mk_incr. As Figure 17.2 shows, there are two closures,
each with its own copy of ctr.
Another important aspect of using local state in this way is that the only way
to access a ctr record is by invoking the corresponding incr function. This means
that no other part of the program can accidentally tamper with the value stored in
the counter. This kind of isolation of one part of the computers state from other
parts of the program is called encapsulation. If the state inside the counter object
was more complex and required certain invariants to be maintained, restricting
access to only a small number of functions means that we only have to ensure that
they preserve the invariants.
+)&$,%
count! 1!
&3$%
fun () ->!
ctr.count <- ctr.count + 1;!
ctr.count!
<=>?@%3A#%3B.%C+D#$#)3%+)&$%EF)&(.)0%
A'G#%!"#$%$&"'H.&'H%03'3#0%I#&'F0#%'%% count! 0!
)#B%&.F)3%$#&.$C%B'0%&$#'3#C%+)%
#'&A%&'HH%3.%:/;+)&$J%
&3$%
fun () ->!
ctr.count <- ctr.count + 1;!
ctr.count!
Figure 17.2: The resulting ASM configuration after two calls to mk_incr. Each closure has its
5627,89%21$+)*%,877%
own local copy of ctr. Note also that the only way to modify the state of the ctr record is to invoke
the functionthe state is effectively isolated from the rest of the program. This property is called
encapsulation of state.
17.2 Objects
A second step toward solving the problem of reusable counters is to define a bet-
ter interface for counters. For example, we might want to decouple incrementing
the counter from reading its current value, or we might want to add the ability
to decrement and reset the counter. This leads us to define incr, decr, get, and
reset operations. It is straightforward to share a global reference among several
functions in this way, as shown here:
global.count
This is a better interfacewe now have a suite of operations that are suitable
for manipulating one counter, but it still doesnt allow us to conveniently work
with more than one such counter.
The solution to is to package these operations together in a record and, instead
of using mk_incr to create one function, use a function called mk_counter that gen-
erates all of the functions in one go:
type counter = {
incr : unit -> unit;
decr : unit -> unit;
get : unit -> int;
reset : unit -> unit;
}
This type is pronounced ref (as in reference), and it comes built in to OCaml.
Working with the 'a ref type is so common that OCaml also provides syntactic
sugar for creating, updating, and getting the value stored in the contents field of
a 'a ref value. These syntactic abbreviations are:
ref e means {contents = e}
!e means e.contents
e := v means e.contents <- v
As an example of using these syntactic abbreviations, we could have written
the mk_counter function from above as the following, with equivalent results:
Figure 17.3: The difference between reference (==) and structural = equality. Reference equality
FG0HIJ'K'L+,,'IJHH'
simply checks whether two references point to the same heap location. Structural equality (recur- M'
sively) compares the two values to see whether all of their contents are the same.
Recursively traverses the structure of the data, comparing the two values
components to make sure they contain the same data.
Reference equality:
Is usually the right kind of equality to use for comparing mutable data.
tive graphics library, which doesnt provide any of the familiar components (like
buttons, text boxes, scroll bars, etc..) that are used to create a GUI application like
the paint program. On top of that simple graphics library, we will build a useable
GUI library, modeled after Javas Swing libraries.
[The OCaml
GUI/Paint project was There are several reasons for going through this design exercise:
my favorite because] I
really enjoyed
It demonstrates that, even with just the programming techniques we have
understanding how
graphics works. I studied so far, we can build a pretty serious application.
thought building up a
graphics library from It illustrates a more complex design process than what we have seen so far.
class lectures and on my
own was both a very As we shall see, that design process leads to the event-driven model of reactive
exciting and great programming, which can be applied in many different contexts.
learning experience. We
dont usually get to see It motivates why there are features, such as classes and inheritance, in object-
the inner working of oriented languages like Java.
libraries but this project
afforded me the It shows how a real GUI library, like Javas Swing, works.
opportunity to
understand what was
going on lower level in
the code with few 18.2 The Paint Application
abstractions.
Anonymous CIS 120 As a first step towards designing a GUI library, let us consider an example appli-
Student cation that might be built using such a library.
Figure 18.1 shows an example of the kind of paint program that we are aiming
to build with the techniques presented in this Chapter.1 We are all familiar with
such simple paint programs, which let the user draw pictures with the mouse by
clicking the button create lines, ovals, rectangles, and other basic shapes. As the
picture shows, this GUI application has buttons (like Undo and Quit), check-
boxes (like Thick Lines), radio buttons (like those used for Point, Line, Ellipse,
and Text), a text entry field, custom buttons for color selection, and a canvas
area on which the user draws his or her picture. These and many other kinds of
widgets are ubiquitous in applications developed for user interaction.
Figure 18.1: An example of a paint program built using the GUI developed in this Chapter.
Note: To compile a program that uses the graphics library, be sure to include graphics.cma
(for bytecode compilation) or graphics.cmxa (for native compilation) as a flag to the
ocamlc compiler.
Among other things, OCamls graphics library provides basic functions for cre-
ating a new window, open_graph, erasing the picture displayed in the window,
clear_graph, setting the windows size resize_window, and getting the current
windows width, size_x, and height, size_y.
The graphics library provides the type color, and a variety of pre-defined color
values like black, white, red, blue, etc.. Importantly, the library manages the
2
See the graphics library documentation at http://caml.inria.fr/pub/docs/
manual-ocaml/libref/Graphics.html.
graphics window in a stateful waythere are notions of the current pen color,
which can be set using set_color, and a the current pen location, which can be
changed by using move_to. You can draw a single pixel with the current color at
coordinates (x,y) by using plot x y. Similarly, you can draw in the current color
starting at the current pen location and ending at the coordinates (x,y) by using
line_to x y. In a similar vein, there are functions for drawing rectangles, ellipses,
arcs, and filled versions of these shapes. There are also functions for adjusting the
line width used to draw the shapes, ways to put text at a certain location in the
window, and work with bitmap images.
So much for drawing things on the screen. Examining the graphics library fur-
ther, we see that it also provides a type called event, whose values describe the the
mouse and keyboard. An event is just a record that indicates the current coordi-
nates of the mouse, whether its button is up or down, whether a key is pressed,
and which key. There is also a function that causes the program to wait for a new
event to be generated by the usermoving the mouse, pressing the mouse button,
or pressing a key.
The graphics library also supports a technique called double buffering,
which is used to prevent flicker when changing or animating parts of the win-
dows displayed graphics. The idea is that, when double buffering is enabled,
the graphics drawing commands affect a second copy of the window, which is
not displayed on the screen. After the entire window is updated, the synchronize
function causes the hidden buffer to be displayed (and re-uses the displayed mem-
ory space for subsequent drawing). This prevents flicker that would be caused by
changing the graphics displayed in the window as they are drawn piece-meal us-
ing the primitive graphics operations.
What the graphics library does not provide is any kind of higher-level abstrac-
tion like button or text boxour GUI library will have to implement these
features by using the graphics primitives.
separates the button from other regions of the window. One design challenge is
thus how to conveniently package the visual attributes of widgets so that they can
be reused.
A related issue is how those buttons and other widgets are positioned on the
the screen relative to one another. Given the drawing primitives in the graphics
library, we could imagine painstakingly drawing each line of every button using
the global coordinate system of the window, but this would be extremely tedious
and very brittleone small change to how we want to layout the buttons of the
application might prompt large, intertwined changes to the program responsible
for drawing the entire window. Moreover, its not clear how we would write that
program so that, for example, just one part of the window could easily be changed
(for example to put an X in a checkbox widget).
Finally, there is the issue of how to process the user-generated mouse and key-
board inputs. This also turns out to be related to how the widgets are arranged in
the window, since the GUI library will need to determine, based on the coordinates
of the mouse click, which widget the user intended to interact with. For example,
when a user clicks on a part of the window occupied by a button widget, our GUI
library will have to somehow determine that the button was clicked. Moreover,
since each button will typically trigger a different behavior, each button should
somehow be associated with a piece of code that gets run when the mouse click
occurs.
The next several sections tackle each of these problems in turn.
=>(+?@-.)
7484:)
;&<6.-D?+'#?)
7484:)
7/89:)
;&<6.-) %)
;)
=)6"#$%&'()'+,-./-)!'-/A-)".$".(.,-()#)$+(&B+,);&-%&,)-%.);&,<+;8)".?#BC.)-+);%&'%)
Figure 18.2: A widget draws itself in terms of widget-local coordinates, which are made relative
-%.);&<6.-D?+'#?)'++"<&,#-.()(%+@?<)>.)&,-."$".-.<A))E.)'#,)#<<)#<<&B+,#?)'+,-./-))
to the global coordinate system by using a Gctxt.t value, which, among other things, contains
the (x,y) offset from the origin of the graphics window. Here the grey region represents the entire
&,F+"G#B+,)-%#-)(%+@?<)>.)H&,%."&-.<I)>9)'%&?<".,);&<6.-()7.A6A)'@"".,-)$.,)'+?+":A)
graphics window . Each widget also keeps track of its width and height, which are needed for
computing layour information.
*012345)1$"&,6)3422)
by the OCaml graphics library and the one wed prefer for GUI applications: the
graphics library uses Cartesian coordinates where the origin (0,0) is located at the
lower-left corner of the graphics window, and the y axis increases upwards in the
vertical direction. This set up is handy for plotting mathematical functionsit
agrees with the usual way we think of the coordinate system when we graph a
function in algebra or calculus. Unfortunately, locating (0,0) in the lower-left is not
very good for GUI applications. The issue is that when a user resizes the window,
the typical GUI behavior is to make more space available to the application. Im-
portantly, the menu bars, etc. that appear at the top of the screen should remain
fixedthe extra space obtained by resizing the window should appear at the bot-
tom of the window, not the top. This means that for GUI applications, the global
origin should be located in the top-left corner of the window.
These considerations lead us to a design in which the Gctx module provides a
type gctx that stores the position relative to which a widget should be drawn. Its x
and y coordinates are with respect to the GUI-global origin (0,0), located at the top-
left corner of the graphics window, and for which y values increase downwards in
the vertical direction. The Gctx module also provides functions that translate from
widget-local to OCaml graphics coordinates, relative to the Gctx.gctx offset. The
Gctx module also wraps each of the primitive OCaml graphics routines to do
the translation from widget-local to OCaml coordinatesthis means that all of the
widget drawing code can be written in a position-independent way.
Since the OCaml graphics library also maintains a current pen color, it is useful
to add a color component to the Gctx.gctx, which will allow our GUI library to
(potentially) define a widgets visual appearance relative to the color in addition to
making them relative to their position in the window. The Gctx drawing operations
therefore also set the OCaml graphics pen color accordingly.
Here is a sample of the resulting code for the Gctx module (the full implemen-
tation wraps more drawing routines than just the ones shown below):
(* Gctx.ml *)
type gctx = {
x:int; y:int; (* offset from (0,0) in GUI coords *)
color:Graphics.color; (* the current pen color *)
}
Graphics.set_color g.color
type widget = {
repaint : Gctx.gctx -> unit;
size : unit -> (int * int);
}
The repaint function asks the widget to draw itself using the Gctx drawing
primitiveswe call it repaint because, eventually, we repeatedly draw widgets
to the screen, which allows for animation or changes to the visual state of the GUI
application. For example, a checkbox widgets repaint function might draw an
X depending on whether the checkbox is selected (as shown in the Thick Lines
checkbox of Figure 18.1).
3
In 18.10 we will extend this type to deal with user events
Given just the widget type above, we can already create some simple widgets.
The simplest widget does nothing but occupy space in the windowits repaint
function does nothing, and its size is determined by parameters passed in when
constructing the widget object.
The label widgets repaint function just uses the draw_string operation pro-
vided by Gctx, its size is just the size of the string when drawn on the window.
Another useful widget simply exposes a fixed-sized region of the screen as a
canvas that can be painted on by using the Gctx drawing routines. The canvas
widget is just a widget parameterized by the repaint function:
The three widgets above dont yet do anything very interesting to the window
display. Since we will eventually want to draw buttons and other complex widgets
with lines indicating their boundaries, it is useful to create a widget border wrap-
per. Given a widget w, the widget border w simply draws a rectangular border
around the outside of w. The border widget therefore calls the wrapped widgets
repaint method and also adds its own code to draw the rectangle around the in-
ner widget. The only wrinkle is that we have to be a bit careful with the graphics
context. Figure 18.3 illustrates the situationthe border widgets repaint function
should call ws repaint function, but, since ws upper-left corner is not located at the
J$ H$ F$ K$ L$ =1:2$1*(,"$>$?A$3$H$
J$
,'/.26/,#$ H$
,"#$D9,5$ F$
K$
1$ 1:2$$
"#*+",$
=1:2$"#*+",$>$?A$3$H$
1:2$1*(,"$
$let
Figure18.3: b border
The = border w!wraps another widget w with a one-pixel thick line set one pixel
widget
0'/12$/$&.#34*5#6$1*(#$7&'(#'$/'&8.($9&.,/*.#($1*(+#,$w$
away from the inner widget. The border widgets repaint funtion calls ws repaint, but must
use Gctx.translate to shift the inner widgets local coordinate system to (2,2), relative to the
b:2$$2*;#$*2$26*+",6<$6/'+#'$,"/.$1:2$=>?$4*5#62$*.$#/9"$(*@#.2*&.A$
border widgets local origin.
7:2$'#4/*.,$@#,"&($@82,$9/66$1:2$'#4/*.,$@#,"&($
)"#.$b$/2B2$1$,&$'#4/*.,C$7$@82,$!"#$%&#!'$,"#$D9,5E,$,&$=FCFA$,&$/99&8.,$G&'$,"#$
origin, we have to translate the graphics context slightly before passing it on to ws
(*246/9#@#.,$&G$1$G'&@$7:2$&'*+*.$ HI$
repaint. This functionality is easy to add to the Gctx module:
(* Gctx.ml *)
(* Shifts the gctx by (dx,dy) *)
let translate (g:t) ((dx,dy):int*int) : gctx =
{g with x=g.x+dx; y=g.y+dy}
,(&/02&,#$=5,>$
,.$(#%&'/,$7C$
7B$
"G0$$
7C$
"#'+",$
"G0$7'*,"$
let h = hpair w1 w2 !
Figure 18.4: The call hpair w1 w2 yields a widget h comprised of w1 and w2 layed out hori-
zontally -(#&,#0$&$".('1./,&223$&*4&5#/,$%&'($.6$7'*+#,0$
adjacent to one another. The right widgets Gctxt.t must be translated by the width of
the left widget.
82'+/0$,"#9$:3$,"#'($,.%$#*+#0$
;<0,$,(&/02&,#$,"#$=5,>$7"#/$(#%&'/?/+$,"#$('+",$7'*+#,$
@'1#$'0$,"#$0<9$.6$,"#'($7'*,"0$&/*$9&>$.6$,"#'($"#'+",0$
size = (fun () ->
let (width,height) = w.size () in
width + 4, height + 4);
-A@BCD$E$@%('/+$CDBB$ BF$
}
The translate function also suggests how we can create a wrapper widget
that will lay out two widgets side-by-side in the window. The idea is to simply
translate the right widget horizontally by the width of the left widget, as shown in
Figure 18.4. The size is simply the sum of the two widgets heights and maximum
of their heights. The resulting horizontal pair widget code looks like this:
</)#%)'
,8*")'
Hello! World!
</)#%)' ,8*")'
!"#$%&'&)%%' 0*<%0'
123456'7'38)"9$'5644' 54'
(* Create some labels *)
let l1 = label "Hello"
let l2 = label "World"
(* Compose them horizontally, adding some borders *)
let h = border (hpair (border l1)
(hpair (space (10,10)) (border l2)))
Figure 18.5: Widgets form a tree: each wrapper widget like a border or hpair contains one
or more children. The tree on the left above corresponds to the widget h created by the program
above. When painted to the graphics window, h would be displayed as shown on the right.
example, calling h.repaint for the program of Figure 18.5 will cause the image
shown on the right-hand side of the Figure to be displayed.
As a first cut for the top-level program, we can thus create a run function that
takes in the root widget, creates a new OCaml graphics window, asks the widget
to repaint itself, and then goes into an infinite loop. (We have to use some kind of
loop, otherwise the program would draw the widget and then exit too quickly for
us to see the resulting graphics!)
As we shall see next, we will modify this top-level loop so that it can process
user-generated GUI events, such as mouse motions.
open Widget;;
(*
Here, the OCaml graphics library is set to use double buffering by turning off
auto synchronization. Double buffering is a technique used to eliminate flicker
caused when graphics are written incrementally to the display device; rather than
do that, all of the graphics are written to a backing buffer, which is then dis-
played all at once when the Graphics.synchronize function is invoked.
The new part of this run function is what allows the GUI program to be
interactive it consists of two lines of code, which make use of some new func-
tionality that we will add to the Gctx and Widget modules, as explained in more
detail below:
First, the new function wait_for_event tells the program to wait for a new user-
generated mouse or keyboard event. Second, once an event is received, we call the
root widgets handle function to ask it to process the event.
type event_type =
| KeyPress of char (* User pressed the following key *)
| MouseDrag (* Mouse moved with button down *)
| MouseMove (* Mouse moved with button up *)
| MouseUp (* Mouse button released, no movement *)
| MouseDown (* Mouse button pressed, no movement *)
An event is an abstract type provided by the Gctx module. These values de-
scribe the sort of event that occurred, and the position of the mouse (in widget-
local coordinates) when the event occurred.
Events are created by instructing the operating system to wait until the next
event occurs. The following function is called in the event loop for just that pur-
pose.
Mock events can also be created for unit testing. These events are represented
in the same way as those created by wait_for_event, but they are not generated by
moving the mouse or pressing keys. Instead, they allow unit tests to pretend that
a mouseclick or key press has occurred.
@=#1-/*+/A=B-
,#$#1(C$,-
#"#$%-#-
;01)#1- D'($)*#-#-
*(;#*- D'($)*#-#-
Figure 18.6: When a user clicks some place in the GUI window, the resulting event is routed
>+),#%-%1##-
through the widget ?$-%'#-=/1##$-
heirarchy starting at the root. Each node forwards the event by calling a child
widgets handle function after suitably translating the Gctx.t value. Which child gets the event
is determined by their size, layout, and the coordinates of the event.
3456789-:(**-7866-
need to extend their type with a new function, called handle. This function takes in
a Gctx.gctx and a Gctx.event, and processes the event in a widget-specific fashion.
The type of widgets is thus modified from what we had earlier to be:
How does our program know what to do when the user clicks on a region of
the window that displays a particular button, like Undo in the paint program?
Clearly each button will (in general) need to be associated with some bit of code
that gets executed when it is clicked, but there must also be some way to route
the event to the appropriate widget of the widget hierarchy.
We have actually already encountered a similar problem twice before, albeit in
very different contexts. First, recall that when inserting a new value into a binary
search tree we exploited the ordering structure of the values in the nodes of the tree
to route the new value to its proper location. Second, recall that, for Homework
4 we used quad trees to partition a 2D region of the plane and that inserting a
point into the quad tree essentially amounted to routing the point to its proper
location in the tree based on its coordinates.
For routing events to widgets, we use a similar idea: the container widgets
like border and hpair use the spatial information about the layout of their sub-
widgets to decide which of the childrens handle functions should be called. This
situation is depicted in Figure 18.6.
For example, the border widget simply passes any events received by its han-
dler to its only child, but only after suitably translating the Gctx.gctx so that the
child can interpret the event relative to its own local coordinate system.
Similarly, the hpair widget checks which of its two children should receive the
event and forwards it to the appropriate one. Note that, since there is some dead
space created if one of the two children is shorter than the other, it is possible
that neither child will receive the event. Events that occur in the dead space are
simply dropped by the hpair widget. Thus we have:
else ());
}
This widget is stateless in the sense that, once the string has been associated
with the label, the string never changes.
If we wanted to be able to modify the string displayed by a label, we could use
the techniques of 17 to give the label widget some local state, like this:
However, although the code above creates a piece of mutable state in which to
store the labels string, code external to the label widget cannot modify the con-
tents of lbl. To do that, we need to also expose a function that lets other parts
of the program update lbl. We call such a function a label controller since it con-
trols the string displayed by a label. Given the type of label_controller records,
it is easy to modify the label function to create a widget (of type widget) and a
label_controller:
Now when we call the label function, it returns a pair consisting of a widget
and a label controller that can be used to change the string displayed by the label.
More generally, any stateful widget will have its own kind of controller that can
be used to modify the widgets state.
E#%'(1!"1F#G(
?%&%'*.&?(
%H%&$(%(
;-'+%'(
;-'+%'( <=*"'(
&-./%'( !6(AA(!7(AA(!B(AA(CD((
!"#$%&%'#(
>"+?%$($'%%( !*;%!( @&($<%(#1'%%&(
Figure 18.7: A notifier widget maintains in its local state a list of listeners that get a chance to
process events that flow through the widget tree. Which listeners are associated with the notifier
3456789(:*!!(7866(
can be changed using a notifier controller.
some local statein this case a list of event_listener objects. Thus, each notifier
widget comes equipped with a notifier_controller that can be used to modify
the list of listeners. For simplicity in the code below, the notifier_controller only
allows new event_listener objects to be added to the notifier; it is easy to extend
this idea to allow event_listeners to be removed as well.
These design criteria lead us to create a type for event_listener functions that
looks like this:
type event_listener =
Gctx.gctx -> Gctx.event -> unit
(*
A notifier_controller is associated with a notifier widget.
It allows the program to add event listeners to the
notifier.
*)
type notifier_controller = {
add_event_listener: event_listener -> unit
}
(*
A notifier widget is a widget "wrapper" that doesn't take up
any extra screen space -- it extends an existing widget with
the ability to react to events. It maintains a list of
"listeners" that eavesdrop on the events propagated through
the notifier widget.
(*
A positioned_listener takes an action that responds to events
of all kinds - the action determines what to do if the mouse
button is down and the mouse cursor is at a particular location
*)
let positioned_listener
(action : bool -> int*int -> event_listener_result)
: event_listener =
fun (g:Gctx.gctx) (e:Gctx.event) ->
action (Gctx.button_pressed g e) (Gctx.event_pos g e)
(*
A button has a string, which can be controlled by the
corresponding label_controller, and a notifier_controller,
which can be used to add listeners (e.g. a mouseclick_listener)
that will perform an action when the button is pressed.
*)
let button (s: string) : widget * label_controller
* notifier_controller =
let (w, lc) = label s in
let (w', nc) = notifier w in
(w', lc, nc)
To add the ability to react to a mouse click event to the button, which is
typically the desired behavior, we can simply use the notifier_controllers
add_event_listener function to add a mouseclick_listener. For example, to cre-
ate a button that prints "Hello, world!" to the console each time it is clicked, we
could write the following code:
099'2"/7-5(
+/25#%&'(
6/783( G>/&'H:(!,/912":(I-F4'3(J.,/912":%"&/K(
.,/912":((
'2;,/,<(
Figure 18.8: The resulting software architecture for an application built on top of the GUI
library. An application like the Paint program should never interact with the OCaml graphics
library directly; it should instead call functions in the Gctx, Widget, and Eventloop modules.
>*?@ABC(D/''(AB@@(
The hw_button widget could then be added to a larger widget tree using layout
widgets, or, simply run as the entire application. The latter would be accom-
plished by doing:
;; Eventloop.run hw_button
Figure 18.9: The lightswitch application both before (left) and after (right) the On/Off button
has been pressed.
layout options, and widgets. Adding such features is simply a matter of extending
the Gctx and Widget modules, following more or less the same pattern as we have
seen above. The Paint program GUI project associated with this part of the course
explores how to make such changes, to the extent that we can implement the paint
program pictured in Figure 18.1.
Even though the GUI library is rather primitive, we can still use it to demon-
strate how all of the pieces fit together. The program below builds a lightswitch
application, shown in Figure 18.9.
open Widget
Transition to Java
OCamls type system also provides very strong support for type inference.
Almost all of the type annotations that weve been writing as part of our
OCaml code can be completely omitted; the compilers type checker is able
to figure out the types of every expression by looking at how the program is
structured.
At this point in the semester we have touched on all three of these themes in the
context of OCaml. However, we have not covered these topics equally. Due to the
design of the language, OCaml is best suited to functional programming, provides
a unique perspective for imperative programming, and (based on our encoding of
objects) rather poor for Object-oriented programming.
For balance, we now switch to Java and find that the reverse is true. Java pro-
vides many features that enable Object-oriented programming, makes imperative
programming convenient, but provides little support for functional programming.
Java, of course, offers the benefits of being a widely-used, industrial strength
programming language with a large ecosystem of libraries, tools, and other re-
sources designed for professional software developers. Java as a programming
language is itself a rather large and complicated entity (with good reason!), which
has evolved over the years and is continuing to change.
The goal of studying object-oriented programming in Java is not, therefore, so
that you become an expert Java developer. Instead, the goal is to give you an
understanding of the essence of object-oriented languages, and how their features
can be used to address programming design problems.
The corresponding Java program is much more verbose (and isnt even fully
operational, since I have omitted the methods needed to access the trees values).
(Dont worry about understanding the code yet, the next several chapters will ex-
plain all of the necessary pieces.)
interface Tree<A> {
public boolean isEmpty();
}
class Empty<A> implements Tree<A> {
public boolean isEmpty() {
return true;
}
}
class Node<A> implements Tree<A> {
private final A v;
private final Tree<A> lt;
private final Tree<A> rt;
class Program {
public static void main(String[] args) {
Tree<Integer> t =
Though working with OCaml and the functional style are a good way to
broaden your mental toolbox, it is also essential to be able to work fluently in other
programming paradigms. Just as the program above can be written very cleanly
in the functional style, there are Java programs that would be difficult to express
cleanly in OCaml.
An object encapsulates some local, often mutable state. That local state is visi-
ble only to the methods of the object.
In the OCaml example above, the first feature is embodied by the use of the
type counter_state, which describes that local state associated with each counter
object. The second feature is realized by the type counter, which exposes only
the two methods available for working with counter objects. Finally, the function
new_counter provides a way to create new counter instances (i.e. values of type
counter). The use of local scoping ensures that the state s is only available to the
code of the inc and dec methods, and therefore cannot be touched elsewhere in the
programthe state s is encapsulated properly.
Javas notation and programming model make it easier to work with data and
functions in this style. A Java class combines all three featureslocal state, method
definitions, and instantiationinto one construct. Think of a class as a template
for constructing instances of objectsclasses are not values, they describe how to
create object values. The Java code below shows how to define the class of counter
objects that is analogous to the OCaml definitions above:
Here the notation public class Counter \{ ... \} defines a new type, i.e.
class, of counter objects called Counter. Here, and elsewhere, the keyword public
means that the definition is globally visible and available for other parts of the
program to use. A class consists of three types of declarations: fields, constructors,
and methods.
A field (also sometimes called an instance variable) is one component of the ob-
jects local state. In the Counter class, there is only one field, called cnt. The key-
word private means that this field can only be accessed by code defined inside the
enclosing classit is used to ensure that the state is encapsulated by the object.
A constructor always has the same name as its enclosing classit describes how
to build an object instance by initializing the local state. Here, the constructor
Counter simply sets cnt to 0.
A method like inc or dec defines an operation that is available on objects that
are instances of this class. In Java, a method is declared like this:
return e;
}
Here, T is the methods return typeit says what type of data the method pro-
duces. T1 arg1 through TN argN are the methods parameters, where T1 is the type
of arg1, etc. The return e statement can be used within the body of a method to
yield the value computed by e to the caller. Here again, the keyword public in-
dicates that this method is globally visible. Note that the field cnt is available for
manipulation within the body of these methods. As we will see, methods can also
define local variables to name the intermediate results needed when performing
some computation.
Unlike in OCaml, in which code can appear at the top level, in Java all code
lives inside of some class. A Java program starts executing at a specially designated
main method. For example, a program that creates some counter objects and uses
their functionality might be created in a class called Main like this:
system.out.println(c.dec());
}
}
The type of main must always be declared as shown abovewell see the mean-
ing of the static keyword in ??. The keyword void indicates that the main method
does not return a useful valueit is analogous to OCamls unit type. To create an
instance of the Counter class, the code in the main invokes the Counter constructor
using the new keyword. The expressions c.inc() and c.dec() then invoke the inc
and dec methods of the resulting object, which is stored in the local variable c.
Conditional tests are statements in Javathey are not expressions and dont
evaluate to values. As a consequence, the else block can be omitted, as shown by
the two examples below:
if (cond) {
stmt1;
stmt2;
stmt3;
}
if (cond) {
stmt1;
stmt2;
} else {
stmt3;
stmt4;
}
Within the body of a method, the return e; statement indicates that the value
of expression e should be the result yielded to the caller of the method. If a
methods return type is void, then the return statement can be omitted entirely.
Expressions in Java are built using the usual arithmetic and logical operations
like x + y, x \&\& y, and literals like 1.0, true, and "Hello". A method invocation
whose return type is non-void can be used as an expression of the correspond-
ing type. For example, since inc returns an int, c.m() + 3 is a legal Java expres-
sion. Constructor invocations, using the new keyword, are also expressions, as in:
(new Counter()).inc() + 5.
cnt = cnt + 1;
Another significant distinction between OCaml and Java is that in Java vari-
ables and fields that are references to objects are initialized to a special null value.
The null value indicates the lack or absence of a reference. However, since Javas
type system considers null to be an appropriate value of any reference type,
any variable declared to contain an object might contain null instead. Trying
to use a field or value via a null reference will cause your program to raise a
NullPointerException when you run it. Here is an example using the Counter
objects defined above:
class Foo {
public int f (Counter c) {
return c.inc();
}
}
If o is an object of class Foo, the call o.f(null) will cause the program to raise a
NullPointerException.
OCamls use of the option types eliminates this problem. Although the option
value None plays the same role as null, its type, 'a option is distinct from 'a, and
it is therefore not possible to use a 'a option as though it is of type 'a. Javas type
system does not make such a distinction, thereby creating the possibility that null
is erroneously treated as an object.
manipulated using the appropriate arithmetic and logical operations. OCaml pro-
vides a rich vocabulary of structured typestuples, records, lists, options, func-
tions, and user-defined types like treeseach of which comes equipped with a
particular set of operations (field projection, pattern matching, application) that
define how values of those types can be manipulated. When the OCaml compiler
typechecks the program, it verifies that each datatype is being used in a consistent
way throughout the program, thereby ruling out many errors that would other-
wise manifest as failures with the program is run.
Java too is a strongly typed languageevery expression can be given a type,
and the compiler will verify that those types are used consistently throughout the
program, again preventing many common programming errors. We saw above
that the primary means of structuring data and code in Java is by use of objects,
which collect together data fields along with methods for working with those fields.
A Java class provides a template for creating new objects.
Importantly, a class is also a typethe class describes the ways in which its
instances can be manipulated. A class thus acts as a kind of contract, promising
that its instance objects provide implementations of the classs public methods.
Any instance of class C can be stored in a variable of type C.
Returning to the comparison between objects in OCaml and Java, there is one
way in which the OCaml version of objects is more flexible that the Java version.
Consider the following two definitions of points in OCaml and Java.
Note that the interface, like a class, has a namein this case Displaceable
but, unlike a class, the interface provides no implementation details. There are no
fields, no constructors, and no method bodies.
Since the Displaceable interface is a type of any moveable object, we can
write code that works over displaceable objects, regardless of how they are imple-
mented. For example, we might have a method like the one below:
This method will work on an object created from any class, so long as the class
implements the Displaceable interface.
To tell the Java compiler that a class meets the requirements imposed by an
interface, we use the implements keyword. For example, the follow Point class
implements the Displaceable interface:
In addition to the private fields x and y and the constructor Point (which takes
in the initial position for the point and sets x and y accordingly), this class provides
implementations for the three methods required by the Displaceable interface
if one of them was omitted, or included but with a different signature, the Java
compile would issue an type checking error.
In the case of Point, the class provides only the methods of the Displaceable
interface. A class that implements an interface may supply more methods than the
interface requires. For example, the ColorPoint class also includes a color field and
a way to access it:
}
public void move(int dx, int dy) {
p.move(dx, dy);
}
public int getX() { return p.getX(); }
This chapter considers some of the core pieces of Java syntax. The goal is not to be
comprehensive, but rather to cover the basic features of the language, emphasizing
the similarities and differences with OCaml.
Java supports essentially the same set of arithmetic and logical operators that
OCaml does, as summarized in table of Figure 20.1
Unlike in OCaml, some of Javas operations are overloadedthe same syntactic
operation might cause different code to be executed. This means that the arith-
metic operators +, *, etc., can be applied to all of the numeric types. Java will also
introduce automatic conversions to change one numeric type to another:
4 / 3 = 1
4.0 / 3.0 = 1.3333333333333333
4 / 3.0 = 1.3333333333333333
Moreover, + is also overloaded to mean String concatenation, so we also have:
"Hello," + "World!" = "Hello, World!".
Equality
Just as OCaml includes two notions of equalitystructural (or deep) equality, writ-
ten v1 = v2, and reference (or pointer) equality, written v1 == v2Java also has two
notations of equality. Java uses the same notation, v1 == v2, to check for reference
equality of objects or equality of primitive datatypes. Java supports structural
equality only for objects. Every object in Java has a equals method that should
be used for structural comparisons: o1.equals(o2)
In particular, String values in Java, although they are written using quote no-
tation, should be compared using the equals method:
"Hello".equals("Hello") = true.
"Hello".equals("Goodbye") = false.
Identifier Abuse
Java uses different namespaces for class names, fields, methods, and local vari-
ables. This means that it is possible to use the same identifier in more than one
way, where the meaning of each occurrence is determined by context. This gives
programmers greater freedom in picking identifiers, but poor choice of names can
lead to confusion. Consider this well-formed, but hard to understand, example:
public Turtle() { }
Displaceable o;
if (...) {
o = new Point(10,10);
} else {
o = new Rectangle(10,10,5,20);
}
o.move(2,2); // method called depends on the conditional
Suppose the the omitted conditional test depended on user input. Then
whether a Point or Rectangle is assigned to o cant be known until the pro-
gram is actually run and the input is resolved. Therefore the method invocation
o.move(2,2)) after the conditional might require executing either the Point version
of move or the Rectangle version. This is called dynamic dispatchthe method in-
vocation dispatches to some version of move depending on the dynamic class of
the object stored in o.
Java also supports a notion of static methods (and fields), which are associated
with a class and not object instances of the class. The standard example is the main
method, which must be declared with the following signature (in some class):
As the use of the keyword static implies, which code is called when a static
method is invoked can be determined at compile time (without running the pro-
gram). The way this works is that, rather than invoking a static method from an
object, static methods are called relative to the class in which they are defined.
For example, suppose that a class C defines a static method m, like this:
public class C {
public static int m(int x) {
return 17 + x;
}
}
public class C {
private static int big = 23;
}
}
A static method cannot access non-static fields or call non-static methods as-
sociated with the class because, as there is no object to provide the state for the
non-static fields of the class, those methods might not be well defined. For exam-
ple, the following example will cause the Java compiler to issue an error:
public class C{
private static int big = 23;
When should static methods be used? Generally they should be used for im-
plementing functions that dont depend on any objects states. One good source
of examples is the Java Math library, which defines many standard mathemat-
ical functions like Math.sin, or the various type conversion operations, like
Integer.toString and Boolean.valueOf.
Arrays
21.1 Arrays
Java, like most programming languages (including OCaml), provides built-in sup-
port for arrays. An array is a sequentially ordered collection of element values that
are arranged in the computers memory in such a way that the elements can be
accessed in constant time. The array elements are indexed with integer positions as
shown in Figure 21.1. Arrays thus provide a very efficient way to structure large
amounts of similar data.
In Java, array types are written using square brackets after the type of the
arrays elements. So int[] is the type of arrays containing int values, ancd
Counter[] is the type of arrays containing Counter values.
If a is an array, then a[0] denotes the element at index 0 in the array. Similarly,
if e is any expression of type int and e = i, then a[e] denotes the element at
index i. Note that Java array indices start at 0, so a 10-element array a has values
a[0], a[1], . . . , a[9].
If you try to access an array at a negative index or an index that is larger than
(or equal to) the arrays length, Java signal that no such element exists by raising an
ArrayIndexOutOfBoundsException. Every array object has an length field, which
can be accessed using the usual dot notation: the expression a.length will eval-
uate to the number of elements in the array a. Note that a[a.length] is always out
of boundsthe largest legal array index is always a.length - 1.
Array elements are mutableyou can update the value stored in at array index
by using the assignment command: a[i] = v;
The new keyword can be used to create a new array object by specifying the
arrays length in square brackets after the type of the object. The program snippet
below declares an array of ten Counter values:
a[i]$$$$$$$$$$$$$$$$"66-(($-4-;-+8$57$"&&"'$a$"8$/+,-.$i
Counter[] arr = new Counter[10]; !
a[i] = Note e$$$$$$"((/0+$e$85$-4-;-+8$57$"&&"'$a$"8$/+,-.$i
that array types, like Counter[], never include any size information, but
the length of the array is fixed when it is created using the new operation. Once
a.lengthcreated,$$$$$$0-8$89-$+2;:-&$57$-4-;-+8($/+$a!
an arrays length never changes.
When an array is created, the elements of the array are initialized to the default
value of the corresponding element type. For numeric values like integers and
floating points, the default values is zero, for objects, the default is null. Java also
BC=$D$A?&/+0$C=BB$ provides syntax for static initialization of arrays, for the case where the array values
are known when writing the program. In this case, the elements are written as a
comma-separated sequence inside of \{ and \} brackets. Here are some examples:
int[] myArray = {10, 20, 30, 40, 50, 60, 70, 80, 90, 100};
As you would expect, creating a new array object allocates space in the pro-
grams heap in which to store the array valuesthe amount of space required is
proportional to the length of the array. The array object also includes an immutable
field, length, which contains the size of the array when it was created. When you
declare a variable of array type (or of any other object type, for that matter), Java
creates a reference to the array on the stack. Because array elements are mutable,
all of the issues with aliasing (recall 14) arise here as well. Figure 21.2 shows the
program stack and heap configuration that arises in a typical array program. We
will study the Java version of the abstract stack machine in more detail later (see
int[]
int[] a = new a = new
int[4]; int[4];!
int[] b = a;
int[] b = a;!
a[2] = 7;
a[2] = 7;!
System.out.println(b[2]);
System.out.println(b[2]);!
93"5>$ ?0"4$
a! int[]!
length! 4!
0! 0! 7! 0!
b!
Figure 21.2: This figure shows a portion of the stack and heap configuration that
would be reached by running the program above. Observe that, like other kinds
789:;<$=$94&+,-$;<::$
of mutable reference values, array references can alias.
22).
Array iteration
Arrays provide efficient and convenient random access to their elements, since
you can simply look up a value by calculating its index. Often, however, it is useful
to process all (or many) of the elements of an array by iterating through them. Like
most imperative languages, Java provides for loops for just that purpose. Javas
for loop syntax is inherited from the C and C++ family of languages. Here is an
example:
This method takes an array of double width floating-point values. The for
loop shows the canonical way of iterating over every element of the array. The
int i = 0; part initializes a loop index variable i to 0, the starting index of the
array. The loop guard or termination condition, i < arr.length; indicates that this
loop should execute while the value of i is less than array length. The loop variable
update i++ is short-hand for i = i + 1; it says that index i should be incremented
by one after each loop iteration. The body of this for loop simply accumulates the
total value of all the elements in the array.
The general form of a for loop is:
Here, init is the initializer, which may declare new variables (as in the sum example
above). The cond expression is a boolean valued test that governs how many times
the loop executeswhen the cond expression becomes false, the loop terminates.
The update statement is executed after each loop iteration; it typically modifies the
loop variables to move closer to the termination condition.
Java also provides a while loop construct. The example above could be written
using while loops like this:
Using for loops to iterate over arrays is often quite natural, since the number
of times the loop body executes is usually determined by the length of the array.
As we shall see (25.4), Java also provides support for iterating over other kinds of
datatypes, particularly collections and streams of data.
Whether you use for or while loops, pay particular attention to the loop
guards and indexinga common source of errors is starting or stopping itera-
tion at the wrong indices, which can lead to either missing an array element or
an ArrayOutOfBoundsException.
Multidimensional Arrays
Since an array type like C[] is itself a type, one can also declare an array of arrays
each element of the outer array is itself an array. Such arrays have more than one
dimension, so Java allows multiple levels of indexing to access the elements of the
inner array:
String[][] names =
{{"Mr. ", "Mrs. ", "Ms. "},
{"Smith", "Jones"}};
This example shows that array initializers can be nested to construct multi-
dimentional arrays. An expression like names[0][2] should be read as (names[0])[2],
that is, first find the array at index 0 from names and then find the element at index
2 from that array. For the example above, names[0][2] = "Ms.".
This example also demonstrates that the inner arrays need not be all of the
same lengthJava arrays can be ragged. This is a simple consequence of Javas
array representation: An object of type C[][] is an array, each of whose elements
is itself a reference to an array of C objects. There isnt necessarily any correlation
among the lengths or locations of the inner arrays. Note that this is in stark contrast
to languages like C or C++ in which multidimensional arrays are represented as
rectangular regions of memory that are laid out contiguously.
The static array initialization syntax suggests that we should read the indices of
a two-dimensional array as row followed by column. That is, in the expression
names[row][col], the first index selects an inner array corresponding to a row of
values, and the second index then picks the element at the corresponding column.
This view of 2D arrays is very convenient when working with many kinds of
data, but for some applications, it is useful to think of the first index as the x
coordinate and the second index as the y coordinate of elements in a plane. For
example, for image-processing applications, we might represent an image as a 2D
array of Pixel objects. That would allow us to write img[x][y] when thinking in
cartesian coordinates, which looks more natural than the row-major img[y][x]
indexing suggested by the row/column analysis above.
Both of these ways of thinking about 2D arrays are simply useful conventions.
So long as you write your program to consistently use either the arr[row][column]
view or the arr[x][y] view, it will be correct. Problems arise when these two
different points of view are confused in the same program.
Note that since the inner arrays might not be all of the same length, you must
use some care when writing nested loops to process all of the array elements. For
example, the following program might be incorrect if the array is not rectangular:
A simpler and more robust way of iterating over all of the elements of an array
is to always use the length field, like this:
This program is equivalent to the following one that uses a static initializer:
int[][] products =
{ { 0 },
{ 0, 1 },
{ 0, 2, 4 },
{ 0, 3, 6, 9 },
{ 0, 4, 8, 12, 16 }
}
A common pitfall that you should avoid is accidentally sharing a single inner
array among all of the elements of the outer array, like this:
arr[i] = shared;
}
The Abstract Stack Machine model that we used in chapter 15, provided a model
of computation for OCaml programs that use mutable state. This stack machine
lets us trace through execution in an abstract manner so that we can understand
what our program does.
It turns out that we can use the same model for Java programs, with a few minor
alterations. Like the OCaml abstract machine, the Java machine includes the same
components: the workspace, the stack, and the heap.
Heap values include (only) arrays and objects. Java does not include lists,
options, tuples, other datatypes, records or first-class functions.
Method bodies are stored in an auxiliary component called a class table. For
our initial discussion, we will omit some of the details about how the class
table works. We will come back to it in a later chapter.
Figure 22.1: A picture of the heap of the Java Abstract Stack Machine containing two reference
values: an object value (on the left) and an array value (on the right).
Objects are stored on the heap similarly to OCaml record values. The object
value contains a value for each of its fields (instance variables). Fields may or may
not be mutable, if they are mutable (the default in Java) we mark them with a
heavy black box.
For example the Java class:
class Node {
private int elt;
private Node next;
...
}
creates object values that are represented in the heap as in the left side of Fig-
ure 22.1. Note that the only members of the class that are part of the heap value
are the name of the class and the field members. The constructors and methods in
the class are stored in the class table.
Likewise, Java arrays are represented in the abstract stack machine as in the
right half of Figure 22.1.
int[] a = { 0, 0, 7, 0 };
Array values contain the length of the array as well as one location for each
array value. The array locations are always mutable, but the length of the array
never can be changed. Arrays also record the type of the array, this restricts the
array to storing only certain types of values.
Node.m();!
StaGc)method)call:)
class Node {
private int elt;
)Save)the)workspace)to)the)stack)
private Node next;
)Look)up)method)named)m)in)the)class)table)
public Node (int e0, Node n0) {
)Put)method)parameters)on)the)stack)
elt = e0;
next = n0;
} )Put)method)body)in)the)workspace)
Consider the code above. What will be the result of a call to the static method
Node.m()? The Abstract Stack Machine can help us figure out the answer.
We start the ASM by putting the code on the workspace. The Java ASM simpli-
fies a static method call in much the same way as it simplifies an OCaml function
call.
1. The first step is to save the current workspace on the stack, marking the spot
where the ANSWER should go with a hole. In our example, since the original
workspace was Node.m(), the saved workspace is merely _____.
2. The next step is to find the method definition. The Java uses the class table
for this purpose, looking up the Node class and its method named m.
3. Next, the ASM adds new stack bindings for each of the called methods pa-
rameters. These stack bindings are always mutable in Java. In our running
example, the method m takes no parameters, so there will be nothing pushed
on the stack.
Well)omit)this)
in)the)rest)of)the)
example.)
Figure 22.3: After the static method callsaving the workspace on the stack and putting the
method body in the workspace.
ConstrucGng)an)Object)
Workspace) Stack) Heap)
Node n1 = ;! Node!
Node n2 = new Node(2,n1);!
elt! 1!
Node n3 = n2;!
n3.next.next = n2;! next! null!
Node n4 = new Node(4,n1.next);!
n2.next.elt = 17;!
return n1.elt;!
Figure 22.4: After the creation of an object. In the next step, the ASM will add the (mutable)
variable n1 to the stack, with a reference to this object.
Note:(were(skipping(details(here(about((
how(the(constructor(works.(Well(ll(them(in(
next(week.((For(now,(assume(the(constructor((
MutaGng)a)eld)
allocates(and(ini.alizes(the(object(in(one(step.(
CIS120)/)Spring)2012)
Node!
elt! 2!
next!
Figure 22.5: After a few more steps. The variable n3 contains an alias to a previously allocated
object.
CIS120)/)Spring)2012)
MutaGng)a)eld)
Workspace) Stack) Heap)
Node!
elt! 2!
next!
CIS120)/)Spring)2012) MutaGng)a)eld)
Workspace) Stack) Heap)
n4! Node!
elt! 2!
next!
Node!
elt! 4!
next!
Programming languages use types to constrain how different parts of the code in-
teract with one another. Primitive types, like integers and booleans, can only be
manipulated using the appropriate arithmetic and logical operations. OCaml pro-
vides a rich vocabulary of structured typestuples, records, lists, options, func-
tions, and user-defined types like treeseach of which comes equipped with a
particular set of operations (field projection, pattern matching, application) that
define how values of those types can be manipulated. When the OCaml compiler
typechecks the program, it verifies that each datatype is being used in a consistent
way throughout the program, thereby ruling out many errors that would other-
wise manifest as failures with the program is run.
Java too is a strongly typed languageevery expression can be given a type,
and the compiler will verify that those types are used consistently throughout the
program, again preventing many common programming errors.
We saw in 19 that the primary means of structuring data and code in Java is
by use of objects, which collect together data fields along with methods for working
with those fields. A Java class provides a template for creating new objects.
Importantly, a class is also a typethe class describes the ways in which its
instances can be manipulated. A class thus acts as a kind of contract, promising
that its instance objects provide implementations of the classs public methods.
Any instance of class C can be stored in a variable of type C.
used to describe objects that have 2D Cartesian coordinates and can be moved:
To tell the Java compiler that a class meets the requirements imposed by an
interface, we use the implements keyword. For example, the follow Point class
implements the Displaceable interface:
23.2 Subtyping
Because interfaces, like classes, are types, Java programs can declare variables,
method arguments, and return values whose types are given by interfaces. For
example, we might declare a variable and use it like this:
Displaceable d;
d = new Point(1,2);
d.move(-1,1);
Note that, since every Point object satisfies the Displaceable contract, this
assignment makes sensed holds Displaceable objects and all Point objects
are Displaceable, so d can store a Point. Similarly, since ColorPoints are also
Displaceable, we could continue the program fragment above with:
o.moveItALot(new Point(0,0));
o.moveItALot(new ColorPoint(10,10, new Color("red")));
A Circle class might implement both the Displaceable and Area interfaces. To
do so, it simply has to satisfy the method requirements of both. Note that multiple
interfaces are given in a comma-separated list after the implements keyword:
Classes like Rectangle and Circle that implement multiple interfaces have
multiple supertypes. The following examples are all permitted:
Of course, since Rectangle and Circle are not in any subtype relation (neither
is a supertype of the other) it doesnt make sense to store a Rectangle in a vari-
able declared to hold Circle objects. Similarly, even though it is possible that a
Displaceable variable contains a Circle, it is not possible to store a Displaceable
in a Circle variable:
Displaceable d = c; // OK
Circle c2 = d; // not OK, even though d contains a Circle
Next, we will see that Javas subtyping relation is actually richer still. First, it is
possible for one interface to extend another, by adding extra methods that must be
supported. Second, one class can also extend or inherit from another, allowing the
two to share common implementation code. Both of these mechanisms create new
subyping relationships.
Figure 23.1: An example subtyping hierarchy for the three classes shown on the
.,'/$)+0)')!"#$%&')1&)21#,)3+0/4'($'24$)'"5)6%$'7)
right. Subtyping induced by the implements keyword is shown as a solid line; that
8+%(4$)'"5)9$(#'":4$)'%$)21#,)0;2#-/$0)1&).,'/$<)'"5<)2-)
induced by the extends keyword is shown as dotted. Interface Shape extends both
$()*!+,-+$%<)21#,)'%$)'401)0;2#-/$0)1&))3+0/4'($'24$)'"5))6%$'7)
Displaceable and Area. Classes Circle and Rectangle are both subtypes of Shape,
and, by transitivity, both are also subtypes of Displaceable and Area. Point is not
=1#$)#,'#)1"$)+"#$%&'($)>'-)$?#$"5)!'-'().)1#,$%07)
a subtype of Shape or Area.
!"#$%&'($0)51)"1#)"$($00'%+4-)&1%>)')#%$$<)2;#)#,$),+$%'%(,-),'0)"1)
(-(4$07)
23.4 Interface Extension
8!.@AB)C)D'44)AB@@)
Now suppose that wanted to define an interface of shapes that had both the meth-
ods of the Displaceable and Area interfaces, along with a new method for obtain-
ing the shapes boundingBox, we could define it directly like this:
However, this approach is not very good. Even though this Shape interface has
all of the methods of both the Displaceable and Area interfaces, if we wanted
to implement a class that could be used either as a Shape or as Area or as a
Displaceable object, we would have to explicitly declare that it is a subtype of
all three interfaces in the classs implements clause, like this:
have to write down many interfaces, even though many of them share method
specifications. Moreover, this approach forces us to duplicate those shared meth-
ods signatures in multiple interfaces (i.e. getX() appears once in Displaceable and
once in Shape).
Interface extension solves this problem by allowing one interface to extend oth-
ers, possibly also adding additional required methods. For example, we could
define a better version of the Shape interface like this:
This declaration says that the Shape interface is a subtype of both the Displaceable
and Area interfaces, and thus any class that implements Shape must supply all of
their methods, as well as the getBoundingBox method required by Shape.
The use of interface extension means that the subtyping hierarchy can be quite
rich. One interface may extend several others, and interfaces can be layered on top
of one another, forming an (acyclic) graph of types related by extends edges. The
resulting subtyping relationship follows these chains transitively: if A is a subtype
of B and B is a subtype of C, then A is a subtype of C. Figure 23.1 shows an example
hierarchy.
23.5 Inheritance
Classes, like interfaces, can also extend one another. Unlike in the case of inter-
faces, however, a class may only extend one class. Here is an example:
class D {
private int x;
private int y;
public int addBoth() { return x + y; }
}
The way to think about class inheritance is that the subclass, in this case C, gets
its own copy of all the fields and methods of the superclass that it extends. Given
the definitions above, when we create an instance of C, the resulting object will
have three private fields (x, y, and z) and two public methods (addBoth) and
addThree.
Just as with interface extension, a class is a subtype of the class it extends, so, in
this case, C is a subtype of D. For this reason, inheritance should be used to model
the is a relation between two classes: every C is a D, and wherever the program
requires a D it should be possible to supply a C instead. When considering how to
represent a program concepts using classes, carefully examine whether there is an
is a relationship to be found. For example, every truck is a vehicle, so one might
consider making a classes Vehicle and Truck such that Truck extends Vehicle.
Note that the keyword private means that the field or method is visible only
within the enclosing class. Therefore, even though C extends D, the fields x and
y cannot be mentioned directly within Cs methods. Java provides a different key-
word, protected, which designates a field or method as visible within the class and
all subclasses, no matter where they are defined. The protected keyword should
be used with care, however, since it is not in general possible to know how a class
will be extendedif the objects local state requires the fields to satisfy an invari-
ant, making them protected means that all subclasses will have to preserve the
invariants. This may not be feasible when the person whos writing the subclass
does not even necessarily have access to the source code of the superclass.
class D {
private int x;
private int y;
class C extends D {
private int z;
Note that Cs constructor uses the super keyword to invoke Ds constructor, and
thereby initialize the private x and y fields. Such a call to super must be the first
thing done in the constructor body.
An example of inheritance
Returning to the shapes example, we might consider how to share some of the im-
plementation details among several classes. For instance, the Point, Circle, and
Rectangle classes all implement the same functionality to meet the Displaceable
interface. We could share those implementation details by creating a common su-
perclass, like this:
23.6 Object
The root of the class hierarchy is a class called Object. All types in Java are a
subtype of Objecteven interfaces and those classes that arent declared to extend
6)7('2* '%&##(#*A@0,9*&*2,((B*
"12(,@&'(#*
!"#$%&'(&)%(* +,(&*
!"#$%&'(&)%(89$%*
-.&$(*
:;2(1<#*
89$%(9(12#*
/0"12* 3",'%(* 4('2&15%(* -=)2>$(*)>*?&2*
Figure 23.2: A picture of (part of) the Java subtype hierarchy. Interfaces extend (pos-
sibly many) interfaces. Classes implement (possibly many) interfaces and (except
for Object) extend exactly one class (Object implicitly). Interfaces are subtypes
by fiat of the Object class. Classes form a tree, rooted at Object (shown in blue).
Interfaces (shown in pink) do not form a tree.
any other class. Note that since Java supports only single inheritance for classes,
i.e. each class may inherit from at most one superclass or, implicitly from Object,
the classes of the subtype hierarchy for a tree. Object is the root of the tree.
The Object class provides a few methods that are supported by all objects:
toString, which converts the object to a String representation, and equals, which
can be used to test for structural equality.
Consider the following example code, which uses the Displaceable and Area
interfaces along with the shape classes Point and Circle that were introduced ear-
lier.
Here, the type annotations on the variable declarations indicate the static type
information about the variable that the compiler checks while type checking the
program. For example, p has the static type Point, while d1, d2, and d3 all have
static type Displaceable.
At run time, the variable d1 will always store a value whose class is Point, but
the variable d3 might end up with a value whose dynamic class is Point or Circle.
Note that it is the static type of a variable that restricts how the value can be
used by the program. For example, even though d2 always stores a Circle at run
time, because d2s static type is Displaceable, it isnt possible to assign the value
in d2 to a2, which expects to be given an object of type Area.
Also note that the static type is associated with a program expression, which can
be a complex construction involving multiple method calls or other operations.
For example, an expression like:
(new Circle(10,10,10)).getCenter()
has static type Point. Note that, due to subtyping, such an expression might have
more than one valid static typefor example this particular expression also has
type Displaceable, because Point is a subytpe of Displaceable.
At run time, such expressions evaluate to values, which, if they are objects (and
not a primitive value like an integer), are always associated with a single dynamic
class, namely the class whose constructor was invoked to create the object. For
this reason, the dynamic class of the variable a1 above will be Circle. As we saw
in the discussion above about the difference between dynamic and static method
invocation, it is the dynamic class of the object that determines which method will
be invoked at run time. After running the code fragment above, d3.move() will
either call the Point or the Circle implementation of move, depending on which
way the conditional branch evaluates at runtime.
In the next chapter, we will make this idea precise by extending the Java Ab-
stract Stack Machine so that it can model the execution of dynamic methods.
End:
In Chapter 22, we looked at simple form of the Java Abstract Stack Machine. That
form included the representation of objects and arrays in the heap and explained
the operation of static methods. However, in those examples, we were deliber-
ately vague about how constructors and nonstatic method worked. We understood
them at an intuitive level, but could not model them precisely in the ASM.
In this chapter we fill in the details about an essential aspect of the operation
of Java, called dynamic dispatch. Dynamic dispatch describes the evaluation of nor-
mal method calls. It is dynamic because it is controlled by the dynamic class of an
objectthe actual class that created the object determines what code actually gets
run in a method call. In a method call o.m(), there may be several methods in the
Java Class Table called m. Dynamic dispatch resolves this ambiguity.
Another difficulty with modeling method calls are references in the method
to the fields of the object that invoked the method. In particular, if the method m
includes the line:
x = x + 1;
where x is intended to be a field, how does the ASM find that field and update
it?
Understanding dynamic methods also helps us to model the execution of Con-
structors in the Java ASM, especially those from classes that extend other classes.
The last refinement we make to the Java ASM in this chapter is an explanation of
how constructors initialize objects when they are created.
Our goal in this chapter is to extend the ASM enough so that we can precisely
model the following example:
This example includes two classes Counter and Decr, which extends Counter.
The execution that we would like to model is at the bottom of the listinghow
is it that we can create an instance of the Decr class? What does the constructor
// somewhere in main:
Decr d = new Decr(2);
d.dec();
int x = d.get();
invocation look like? What happens when we invoke its dec method? What about
its inherited get method?
Object!
String toString(){ !
boolean equals!
Counter!
extends !
Counter() { x = 0; }!
Decr!
extends !
Decr(int initY) { }!
void dec(){incBy(-y);}!
ery dynamic method allows a references to the object that invoked through a spe-
cial variable called this. In fact, every field access x, is short for this.x. We will
only execute code in the workspace where these references have been made ex-
plicit. In other words, even though we may write the code in Figure 24.1, the code
that we will actually use is the one in Figure 24.3.
The code in the figure also makes one more feature of Java explicit. The first
line of every constructor should start with an invocation of the constructor of the
superclass of the class, using the keyword super. (Recall that if a class does not
have an explicit superclass, its superclass is Object). Often we will write this invo-
cation explicitly, especially if the superclass requires arguments. However, even if
we leave it out, Java will implicitly add it. For the ASM, we will assume that all
code for constructors starts with a call to super.
// somewhere in main:
Decr d = new Decr(2);
d.dec();
int x = d.get();
Constructor invocation
The next step is to invoke the constructor for the Decr class, giving it the argument
2. Figure 24.5 shows the result of this action. A constructor invocation is a lot
like a function call in OCaml, or a static method call in Java. It saves the current
workspace, puts bindings for the parameters on the stack, and puts the body of the
constructor in the workspace. In this case the Decr constructor takes one argument,
so the binding initY is added to the stack.
The difference is that constructors also allocate, i.e. create the new object in the
heap. The object values store the values of the fields (or instance variables) of the
object. For a class like Decr, which extends another class, the fields include the
Counter!
extends !
Counter() { x = 0; }!
Decr!
extends !
Decr(int initY) { }!
void dec(){incBy(-y);}!
fields declared in the Decr class plus all fields declared in the super classes (i.e.
Counter). Furthermore, the variable this, a reference to the newly created object is
also pushed onto the stack. Finally, the object value
Next, the code in the constructor begins to execute. The first line of the Decr
constructor is to invoke the constructor of its super class, i.e. the Counter construc-
tor. The result of this step is in Figure 24.6. As before, the current workspace is
saved to the stack, and the code for the Counter constructor is copied from the
class table to the workspace. However, this time, because the object is already al-
located, the constructor merely pushes a this pointer to the same heap object onto
the stack. Furthermore, the Counter object takes no parameters, so no additional
variables are added to the stack.
The first step of the Counter constructor is to call the constructor for its super-
class, Object. Here we will skip this stepthe object constructor has no effect in
the ASM model. The next step is to update the x field of the newly created object,
as shown in Figure 24.7. As the default value of the field was 0, this action does
not actually change the object.
After the Counter constructor completes its execution, the ASM pops the stack
and restores the saved workspace. The next step is to continue the execution of the
Invoking)a)constructor:) Counter!
)allocates)space)for)a)new)object))))
extends Object !
))in)the)heap)
)includes)slots)for)all)elds)of)all)) Counter() { x = 0; }!
void dec(){incBy(-y);}!
The newly allocated object value is tagged with the class that created it.
The newly allocated object value includes fields that are declared in the class
that constructs the object as well as all superclasses of that class.
Each constructor pushes its own this pointer onto the stack so that it can
Counter!
this!
extends Object !
Counter() { x = 0; }!
(Running)Objects)default)
constructor)omiied.)) void incBy(int d){}!
Decr!
extends Counter !
Decr(int initY) { }!
void dec(){incBy(-y);}!
modify the newly allocated object. However, all of these pointers refer to the
same object value.
Assigning)to)a)Field)
Workspace) Stack) Heap) Class)Table)
Counter!
this!
extends Object !
Counter() { x = 0; }!
Assignment)into)the)this.x eld)
goes)in)two)steps:) void incBy(int d){}!
void dec(){incBy(-y);}!
and the method code can refer to the this variable whenever it needs a ref-
erence to the current object.
The execution of the dec method continues as before. However, when the code
gets to the invocation of the incBy method, the ASM must do another dynamic
dispatch to determine what code to run. This time, the method is not defined in
the Decr class, so the ASM searches for the method in the superclasses of Decr.
The method is found in the Counter class, so that is the code that is placed on the
workspace for this call.
The incBy method modifies the value of the x field of the object. Note that this
field is private to the Counter class. That means that methods in the Decr class
cannot modify the field directly. However, even though the Decr class inherits the
incBy method, it may modify the x field because it was declared as a part of the
Counter class.
After the completion of the incBy (and dec) method calls, the next step in the
computation is a call to the get method of the object. Again, the ASM uses dynamic
dispatch to find the code to run (this time from the Counter class).
Counter!
extends Object !
Counter() { x = 0; }!
Con]nue)in)the)Decr classs)
constructor.) void incBy(int d){}!
Decr!
extends Counter !
Decr(int initY) { }!
void dec(){incBy(-y);}!
The get method returns the value -2, which is the value of the local variable x
placed on the stack.
The important points to remember from this example are:
When objects method is invoked, as in o.m(), the code that runs is deter-
mined by os dynamic class.
If the method is inherited from a super class, determining the code for m
might require searching up the class hierarchy via pointers in the class ta-
ble.
Once the code for m has been determined, a binding for this is pushed onto the
stack. The this pointer is used to resolve field accesses and method invocations
inside the code.
Counter!
extends Object !
Counter() { x = 0; }!
Assignment)into)the)this.y
eld.) void incBy(int d){}!
void dec(){incBy(-y);}!
Static fields
Some fields in Java can be declared as static. This means that the values of those
fields are stored with the Class Table instead of with individual objects.
public class C {
public static int x = 23;
public static int someMethod(int y) {
return C.x + y;
}
public static void main(String args[]) {
...
}
}
C.x = C.x + 1;
C.someMethod(17);
Like static methods, static fields can be accessed without having an object
around. Essentially, the class table itself serves as a container for the data. Be-
cause all objects refer to the same class table, all objects have aliases to the static
Counter!
extends Object !
Counter() { x = 0; }!
Allocate)a)stack)slot)for)the)local)
variable)d.))Its)mutable)(see)the) void incBy(int d){}!
Aside:)since,)by)default,)elds)and)
Decr!
local)variables)are)mutable,)we)
ofen)omit)the)bold)boxes)and)just) extends Counter !
assume)the)contents)can)be) Decr(int initY) { }!
modied.) void dec(){incBy(-y);}!
fields. Changes to the value of a static field in a method called by one object will
be visible to all other objects. As a result, static fields are like global variables, and
generally not a good idea.
The best use of static fields is for constants, such as Math.PI.
Dynamic)Dispatch:)Finding)the)Code)
Workspace) Stack) Heap) Class)Table)
Counter!
extends Object !
Counter() { x = 0; }!
Invoke)the)dec)method)on)the)
object.))The)code)can)be)found)by) void incBy(int d){}!
void dec(){incBy(-y);}!
Dynamic)Dispatch:)Finding)the)Code)
Workspace) Stack) Heap) Class)Table)
y! 2! boolean equals!
this!
!
Counter!
extends Object !
Counter() { x = 0; }!
Call)the)method,)remembering)the)
current)workspace)and)pushing)the) void incBy(int d){}!
void dec(){incBy(-y);}!
Dynamic)Dispatch,)Again)
Workspace) Stack) Heap) Class)Table)
y! 2! boolean equals!
this!
!
Running)the)body)of)incBy!
Workspace) Stack) Heap) Class)Table)
y! 2! boolean equals!
this!
!
this.x = -2;!
_;!
Counter!
d! -2!
extends Object !
this! Counter() { x = 0; }!
void dec(){incBy(-y);}!
Afer)a)few)more)steps!
Workspace) Stack) Heap) Class)Table)
Counter!
extends Object !
Counter() { x = 0; }!
void dec(){incBy(-y);}!
In the next few lectures, we will be covering parts of the Java standard library. In
particular, we will focus on three main parts of the library:
2. The IO libraries, which allow Java programs to process input and output
from various sources.
We cover these libraries in CIS 120 for a number of reason. The formost is that
they are useful. Part of being a good programmer is knowing how to use library
code so that you dont have to write everything from scratch. Not only is the code
faster to write, but it has already been debugged. It is also good style: using the
abstractions of standard libraries means that others will be able to more quickly
understand your code.
However, knowing how to use libraries is a skill in itself. The libraries are docu-
mented, and you will need to know how to read that documentation. The libraries
also include features of Java that we havent yet coveredsome of those features,
such as packages, generics, exceptions and inner classes, we will cover in lecture,
and these libraries provide examples of those features. However, some language
features you will have to learn on your own if you would like to use that part of
the library.
Finally, the library designs themselves are worthy of study. This code is de-
signed for reusability. What about the interface makes it reusable? Where does it
succeed? What design patterns can you learn from it?
Alternatively, we can also make the queue data structure polymorphic by using
Generics, as we did in Chapter 33. In this case, we parameterize the interface by
the type E. This type appears as the argument of the enq method and the result of
the deq method.
To see the difference between these two interfaces, compare how queues with
these interfaces may be used.
ObjQueue q = ...;
q.enq("CIS 120");
___A___ x = q.deq(); // What type for A? Object
Queue<String> q = ...;
q.enq("CIS 120");
___A___ x = q.deq(); // What type for A? String
System.out.println(x.toLowerCase()); // Type checks
q.enq(new Point(0.0,0.0)); // Does not type check
___B___ y = q.deq(); // Only get Strings from q
In the first example, suppose we have a queue q of type ObjQueue. Then we can
add a string to this queue with the enq method because the type String is a subtype
of the type Object. However, when we remove the first element of the queue, with
the deq method, its static type is Object, as declared by the interface. Therefore, the
next line in the example, x.toLowerCase(), contains a type error. The toLowerCase
method is part of the String class, not and not supported by Object.
Alternatively, if we use generics as in the second example, then we must instan-
tiate the queue with a specific type, such as String. This means that when we deq
from the queue, then the Java type checker knows that the resulting value must be
a String. So in this case, the method call x.toLowerCase() type checks.
However, the cost of permitting this method call is that all elements of the ele-
ments in the queue must be a subtype of the String type. Going back to the first
example, it is allowed to enq a point into a queue that contains strings. The reason
is because they are both considered Objects when they are in the queue. In the sec-
ond example, the line q.enq(new Point(0.0,0.0)) contains a type error. The type
Queue<String> prevents the queue from storing anything except for (subtypes of)
strings.
We could recover the heterogeneity of the first queue by instantiating the sec-
ond interface with the Object. A queue of type Queue<Object> would behave ex-
actly the same as one of type ObjQueue. Therefore, to give programmers the choice
of behaviors, the Java Collections Framework uses Generics to give the data struc-
tures defined in the library flexible interfaces.
Queue<String> qs = ... // OK
Queue<Object> qo = qs; // OK?
qo.enq(new Integer(4));
String s = qs.deq(0);
s.toLowerCase(); // oops!
In the first line, we create an object qs that stores strings. We then rename
it (alias it) so that its type claims that the queue stores objects. This line is only
allowed if Queue<String> is a subtype of Queue<Object>. That relationship is not
true in Java, but suppose for a moment that it is allowed. Then, in the next line, we
can use the alias to add a new object to the queue, because Integer is a subtype of
Object (as usual). However, when we remove that integer from the queue using
qs, and name that value s, we can fool Java. The static type of s is String, because
that is what the result of deq is for in the interface Queue<String>. However, the
dynamic class is actually Integer, because that is actually the value that we put
in and removed from the queue. That is a problem because the dynamic class is
always supposed to be a subtype of the static type. If Java thinks that an integer
has type String, then it wont stop us from trying to call string methods on the
integer.
The Java Tutorial2 includes additional information about the behavior and
meaning of Generics in Java. It goes much beyond what is covered in CIS 120.
Interfaces*)of)the)CollecBons)Libary)
search trees (from Chapter 6), linked lists (from Chapter 16) and resizable arrays
(from Chapter 32). It uses these data structures to implement deques, sets and
finite maps (from Chapter 10).
Collection<E>! Map<K,V>!
...
}
This interface includes operations for returning the number of elements in the
collection (its size), determining whether the collection is empty or not, adding a
new element to the collection, determining whether the collection contains a spec-
ified element, and removing a specified element. This interface is very similar to
the ones that we used in the OCaml part of the course for Queues and Deques.
Note that contains and remove both take arguments of type Object instead of
type E. This is because these methods use the .equals method from the object class
to determine whether the supplied object matches the element in the collection.
It could be that the provided element is not a subtype of E, but is still equivalent
to it. (The equality method does not have to return false for objects of different
Sequences)
types, it may only look at the common parts of the object values to determine if
they are equal. Most applications only store and remove one type of element in
a collection, in which case this subtlety never becomes an issue.)
Collection<E>!
Extends)
Implements)
List<E>! Deque<E>!
LinkedList<E>!
ArrayList<E>! ArrayDeque<E>!
Lists and Deques are both ordered collections of elements, which we will infor-
mally call Sequences. Figure 25.2 shows several implementations of these interfaces
in the Java Collections Framework. In particular, the ArrayList and ArrayDeque
implementations are similar to the resizable array class which we developed in
Chapter 32. The LinkedList class is similar to the deque implementation from
Chapter 33. When you are reasoning about how long operations take for these
implementations, you should use the related implementations as a model. For
example, both ArrayList and LinkedList allow you to access elements by their
position in the sequence. However, since the ArrayList stores the elements in an
array, it is just as fast to access the last element in the list as the first one. On the
other hand, accessing the last element in an LinkedList can take a long time if the
implementation has to trace through the entire list of linked nodes to find the el-
ement. Conversely, both implementations also allow you to add elements to the
middle of the sequence. In this case, it is much faster to add an element in the mid-
dle of a linked list (where it needs to only create a new node), then to add one to
the middle of an array (which needs to allocate a new array and copy the elements
over). Sets)and)Maps)
Collection<E>!
Map<K,V>!
Set<E>!
HashMap<E>!
HashSet<E>!
SortedMap<K,V>!
SortedSet<E>!
TreeMap<E>!
TreeSet<E>!
Extends)
Implements)
Figure 25.3 shows some implementations of the set interface (also a collection)
and the map interface. The most important implementations of these interfaces are
based on hashing (in HashSet and HashMap) and binary search trees (in TreeSet and
TreeMap). The BST based implementation of sets actually implements a subinter-
face of set called SortedSet. This is the interface of sets that requires an ordering
on elements in the set. In OCaml, all data values were ordered by the pre-defined
< operator. However, in this library design, each can use a specific comparison
method for the elements in the set. That makes these BSTs (and BST-based maps)
more flexible.
Hashing is an implementation technique that is beyond the scope of this
courseyoull learn more about it in CIS 120. We include those implementations
here to point out the difference between sets and sorted sets.
Iterable<E>!
Collection<E>!
interface Iterable<E> {
public Iterator<E> iterator();
}
interface Iterator<E> {
public boolean hasNext();
public E next();
public void delete(); // optional
}
numBooks = numbooks+1;
}
The general for a for-each loop is shown below. The for loop declares the vari-
able var of type type with a scope that includes the body of the for-each loop. The
loop iterates once for each element in the collection coll.
A nice feature of Java is that arrays are also Iterable. For example, we could
use a for-each loop to count the non-zero elements of an array with the following
code:
In fact, any object that satisfies the Iterable interface can be used with a for-
each loop.
In this chapter we talk more about method overriding, the idea that a subclass can
redefine a method that is already present in one of its ancestor classes. In the
previous chapters, we have already seen an example where method overriding
is important: subclasses of JComponent typically override the the paintComponent
method to control how they are displayed on the screen. Here we both make the
semantics of overriding precise by showing what it looks like in the abstract stack
machine, and also discuss when and where method overriding is appropriate in
Object-Oriented programming.
The former turns out to be trivial. Our ASM model for dynamic dispatch al-
ready explains what happens when methods are overriddenwe dont need to
add any new functionality to our model. However, the latter is a much deeper
issue. Method overriding can make code confusing and difficult to reason about if
not used carefully.
public class C {
public void printName() { System.out.println("I'm a C"); }
}
Now, when the following code is run, what is printed to the console? And why?
C c = new D();
c.printName(); // what gets printed?
The result is that, even though the static class of c is C, dynamic dispatch means
that the method definition in class D is the one that is selected. Therefore I'm a D
is the result printed in this example.
We can see how this works precisely by stepping through the execution of the
ASM for this example. The ASM is initialized by putting the code snippet on the
workspace, and the class definitions above in the Class Table.
After executing the first line on the workspace, the stack contains the variable
c which is the reference to some object, with dynamic class D, stored on the heap.
(Because the class D does not declare any instance variables, we represent objects
created by this class just by their classname.)
Next, for the method call to the printName method, we look up the dynamic
class of the object to find where to look in the class table for this method definition.
After this method call, the body of this method is placed on the workspace and the
saved workspace and this reference are pushed onto the stack.
Finally, after this code executes, the message I'm a D appears in the console.
Because we started looking for the definition of the printName method in the class
D, we found that version of the method to execute. Even though the C class also
contains a definition of that method, we did not use it.
This behavior is true for all method invocations, even those for code defined in
superclasses.
For example, consider these two classes:
class C {
class E extends C {
// in main
C c = new E();
c.printName();
// The string "I'm a E" is printed to the console
Above, the definition of the class E overrides the getName method. As a result,
even though the printName method is defined in the class C, it calls the getName
method defined in class E. This is because the dynamic class of the method deter-
mines every method invocation.
This behavior of dynamic dispatch can make reasoning about programs dif-
ficult. The class C may be written in a different library than the class E, and by
different authors. The author of the C class must think about not just their own
method implementations, but the implementations of any other subclass. There is
no way for C to predict the result of getName. Instead, the author must define the
expected properties (i.e. behavioral contract) of any overriding method, document
it in the code, and hope that all subclasses respect that contract.
Sometimes overriding is the right thing to do, especially when the parent class
is designed specifically to support such modifications, and the expected properties
of the overridden methods is clearly defined by the super class. For example, the
paintComponent method in the class JComponent is designed to be overridden, and
the Swing documentation discusses what overriding methods should and should
not do. In this case the library designer will specifically provide a behavior contract
that the parent methods assume about overridden methods.
As we will see, there are a few other methods in the Java libraries where over-
riding makes sense (and in fact, is necessary).
Another opportunity for overriding is if both parent and child class are con-
trolled by the same author. As long as this author will maintain control of both
parts as the software evolves, overriding may be ok.
However, there are usually better ways of structuring software that avoid over-
riding. For example, composition and delegation often achieve similar benefits with
minor overheads and much less confusion about behavior. For further discussion
about this topic, see Joshua Blochs Item 16 in Effective Java [2]. In particular, this
reference discusses how inheritance can break encapsulation.
Class authors can prevent subclasses from overridding their methods by using
the final modifier. When applied to methods, the final modifier prevents sub-
classes from overriding that particular method. That way the class author can al-
ways reason about what happens during a method callthe final modifier means
that a dynamic method invocation must be to an existing method.
Now, suppose we use this class with the linked lists defined in Java Collections
framework.
// somewhere in main
List<Point> l = new LinkedList<Point>();
l.add(new Point(1,2));
System.out.println(l.contains(new Point(1,2)));
Unfortunately, even though we have added the point at position (1,2) to the list,
the contains method returns false.
The reason is that in the linked list class, the contains method works in a way
something like this:
This code iterates over all of the elements in the linked list (using the for-each
notation). If the argument is null, then the method returns true if any of the ele-
ments are null. Otherwise, if the argument is non-null, then the method returns
true according to the equals method of the argument.
The point class above inherits the equals method of the Object class. This
method returns true only for reference equality. In other words, it behaves as if
we had said o == e. However, in the example above, we are comparing against
an object with the same structure, but that object is not an alias to any of the other
objects stored in the list.
To solve this problem we should override the equals method in the Point class.
There are two problems with this definition. The first is that it doesnt account
for that point to be null. If the argument to the equals method is null, then this
code throws a NullPointerException.
A more subtle issue with this code is that it actually doesnt override the equals
method. Recall that the type of equals requires its argument to be an Object. In-
stead, it uses overloading to add an additional method to the Point class. The inher-
ited equals method is still available, and Java uses the static type of an argument
to determine which method to call.
For example, in the code below, the first invocation of equals is to the inherited
method, so reference equality is used. The second invocation is to the overridden
method from the point class above, which implements a structural equality.
@Override
public boolean equals(Object o) {
if (o == null) { return false; }
// what do we do here???
}
However, because the type of the argument must be Object, we are a bit stuck.
How do we access the x and y components of the argument? How do we know
whether the argument even has these components (i.e. is a Point)? We need some
way to check the dynamic type of an object.
The instanceof operator tests the dynamic class of an object. If the dynamic
class is a subtype of the provided class or interface, the test returns true.
For example, suppose we define the following variables.
also prints true. Even though the static type of o1 is Object it is a reference to a
Point object (in fact, it is an alias to the same object as above).
On the other hand, the expression
@Override
public boolean equals(Object o) {
if (o == null) { return false; }
if (!(o instanceof Point)) { return false; }
// o is a Point - how do we treat it as such?
...
}
To finish out our implementation, we need one more piece: we need a dynamic
cast to convert the static type of o from Object to Point. The expression (Point)o
checks that o has dynamic class Point. If so, it returns the reference to that object
(with the new type). Otherwise, it throws a ClassCastException. In this case,
because of the instanceof test, we know that this dynamic cast cannot throw the
exception. But we can use it to create a new variable (called that) with a more
precise type. With this new variable, we can make sure that both the x and y
components of Point agree. If all of the tests succeed, we know that o is equal to
the point that invoked the method.
@Override
public boolean equals(Object o) {
if (o == null) { return false; }
if (!(o instanceof Point)) { return false; }
Point that = (Point) o;
if (x != that.x) { return false; }
if (y != that.y) { return false; }
return true;
}
There is one last optimization that equals methods often use. They check to
see if the argument happens to be an alias of this object (the one that invoked
the equals method.) If this is true, the method can immediately return true. This
initial check can eliminate the need for more expensive testing in certain cases, an
especially valuable trade-off for large data structures.
@Override
public boolean equals(Object o) {
if (this == o) { return true; }
if (o == null) { return false; }
if (!(o instanceof Point)) { return false; }
Point that = (Point) o;
if (x != that.x) { return false; }
if (y != that.y) { return false; }
return true;
}
if (o instanceof Point) {
Point p = (Point)o;
This method adapts the code above to the ColoredPoint class. It also uses the
method call super.equals(obj) to compare the x and y components of the object.
Unfortunately, there is a problem with this definition. It doesnt satisfies all of
the requirements of an implementation of equals. In particular, this method is not
symmetric when a Point is compared with a ColoredPoint.
o1.getClass() == o2.getClass()
This observation lets us implement a correct equality method for the Point
class, like this:
@Override
public boolean equals(Object o) {
if (o == null) return false;
if (this == o) return true;
if (!(getClass() == o.getClass())) return false;
Point that = (Point) o;
if (x != that.x) return false;
if (y != that.y) return false;
return true;
}
Exceptions
Some methods require that their arguments satisfy certain preconditions. For
example, a function that calculates the maximum value of an array requires
that its input not be null or the empty array.
The Java type checker cannot prevent this method from being called with
null or a zero-length array. How can this method deal with that situation?
Some interfaces have optional methods. This means that a class can imple-
ment this interface with a stub method. For example, the iterator interface
includes a delete operation (which modifies the underlying sequence, remov-
ing the element most recently returned by next from the collection).
interface Iterator<E> {
public boolean hasNext();
public E next();
public void delete(); // optional
}
However, not every iterator can support that operation. Those classes must
define a delete method to implement the interface, but the only thing that
method should do is report an error that it shouldnt be called with that par-
ticular iterator.
Some parts of the program deal with external resources. Those resources may
or may not be present. For example, a Java method in the IO library may try
to open and read from a file on the computers hard drive. But what if that
file doesnt exist?
Some parts of the program just may not be finished. How can a programmer
indicate that some methods are not ready to be used and only present in an
object to satisfy interfaces?
the program that deals with failure is scattered throughout the normal execution
of the method, making the method difficult to read.
This chapter presents a new alternative to dealing with exceptional circumstances
the use of a language feature called exceptions. Most modern languages, including
OCaml and Java, support this feature. Exceptions allow functions and methods to
signal errors in a way that any indirect caller can handle the error, not just the most
immediate one. Furthermore, if the error is not handled, the program immediately
terminates, meaning that bugs are easier to detect and therefore not as subtle.
Creating an exception like this does not do anything special. The unique aspect
of exceptions is that they can be thrown.
Throwing an exception is like an emergency exit from the current method. The
exception propagates up the invocation stack until it either reaches the top and the
stack, in which case the program aborts with the error, or the exception is caught.
Weve already seen exception throwing before, we just didnt call it that. In OCaml,
the failwith expression throws an exception (called Failure) in that language. To
throw an exception in Java, use the throw keyword. For example, to exit a method
when its argument is three, we could throw an illegal argument exception.
Catching an exception lets callers take appropriate actions to handle the abnor-
mal circumstances. This lets programs have a chance to recover from the abnor-
mal situation and try something else. Exceptions thrown within the block of a try
statement are caught using a catch block.
For example, if a file for reading is not found, then the program can give an alert
to the user and ask for a different filename. For example, consider this method
from a GUI for displaying images (such as in HW07). The constructor of the
Picture class takes a string that is the filename of a new picture to show in the
window. If the file is successfully read, then the new picture is displayed by this
method (weve ommitted that code). However, because this process could fail, it
is put inside of a try block.
If the Picture constructor cannot read from the specified file, then it throws
an IOException, indicating that trouble. The catch expression after the try block
includes code to execute in the case that an IOException is thrown. The actual
exception that was thrown is bound to the variable ex, and information that it
carries, such as an error message, can be accessed in the catch. For example, the
code above uses ex.getMessage() to get further details about why the file cannot
be read.
Note that constructors must return a reference to a newly constructed objects.
They do not have the choice to return null instead, indicating an error. Exceptions
are the only way that constructors can indicate difficulties in object construction.
ceptions are thrown and caught. Each exception handler (i.e. catch clause) is
saved on the stack whenever execution reaches the accompanying try block in the
workspace. When exceptions are thrown, the stack is popped until a saved excep-
tion handler is found. If there are no exception handlers, then program execution
terminates. The program stops with an error.
The lecture slides from the Exceptions Lecture demonstrate the ASM in action.
try {
... // do something with the IO library
} catch (FileNotFoundException e) {
... // handle an absent file
} catch (IOException e) {
... // handle other kinds of IO errors.
}
In this example the first clause catches any FileNotFoundException and the sec-
ond clause catches all other IOExceptions that could be thrown by the body of the
try block. Other exceptions, such as NullPointerExceptions, are not caught and
propagate outward.
This example demonstrate that it is the dynamic class of the thrown exception
object that determines what handling code is run. The exception handlers are ex-
amined in order and any one that binds an exception variable with some type that
is a superclass of the dynamic class of the thrown exception is the one that is trig-
gered.
Note that, in the Java IO libraries, the class FileNotFoundException extends
the IOException class. This means that FileNotFoundException is a subtype of
IOException. As a result, if we had exchanged the order of the exeception handlers
above:
try {
... // do something with the IO library
} catch (IOException e) {
... // all kinds of IO errors
} catch (FileNotFoundException e) {
... // execution could never reach here
}
try {
... // do something
} catch (Exception e) {
... // triggers for any sort of exception
}
However, such exception handlers are usually not a good idea. If you use one in
your code, you are claiming that you know how to handle any sort of exceptional
circumstance whatsoever, and that is not usually the case. It is much more likely
that your code will handle some sorts of exceptions, but completely ignore other
sorts, such as NullPointerExceptions. This is particularly bad because those ex-
ceptions will not propagate to the top level, hiding bugs that exist in your code.
And, if you cannot detect bugs early, they are much more difficult to eliminate.
27.5 Finally
Exception handlers can also include finally clauses.
A finally clause of a try/catch/finally statement always gets run, regardless of
whether there is no exception, a propagated exception, a caught exception, or even
if the method returns from inside the try.
These sorts of clauses are most often used for releasing resources that might
have been held/created by the try block. For example, whenever files are
opened for reading in Java, they must also be closed afterwards. The operating
system can only allow so many files to be open at once, closing the file when read-
ing is complete means that other file operations are more likely to succeed. The
code below uses the FileReader class to open and read from a file.
While reading from the file, an IOException may occur. If that is the case, then
the method should still close the file afterwards.
Object)
Type)of)all)
throwable)objects.)
Throwable)
Fatal)Errors,)should)
Subtypes)of) never)be)caught.)
ExcepCon)must)be)
declared.)
ExcepCon) Error)
CIS120)/)Spring)2012)
Figure 27.1: The Java Exception class hierarchy
For example, this method below could throw an instance of the AnException
class.
That is so that every caller of the method knows that the exception could be
means that every method would have to declare them, making the declaration
itself tedious but meaningless.
As you define your own exception classes, you have the choice of whether they
should be declared or not, by choosing whether to extend RuntimeException or
Exception. Declared exceptions provide better documentation for usersthe in-
terface for the method is more explicit when it includes the potential exceptions
that the caller should be aware of. With undeclared exceptions, it is easier for the
callers to not even know that they should set up exception handlers for exceptional
circumstances.
However, the cost of declared exceptions is that it is more difficult to maintain
code as this interface must be adapted each time the code is modified. In practice,
developers have not seen much benefit to declared exceptions. Test-driven devel-
opment encourages a fail early/fail often model of code design and lots of code
refactoring, so undeclared exceptions are prevalent.
As a compromise, only general purpose libraries tend to use declared excep-
tions, as the explicit interfaces are much more important in that situation.
Just as it is good style to re-use data structures from the standard library, it is
also good style to re-use existing exception types when they are meaningful
to the situation. For example, if you are implementing your own sort of con-
tainer class, it makes sense to use the NoSuchElementException from the Java
collections framework.
values can help exception handlers recover from the situation more grace-
fully, and if necessary, provide more insightful error messages to users.
Catch exceptions as near to the source of failure as makes sense. You could
put all of your exception handling code in the main method of your applica-
tion, which would prevent your program from being terminated by a thrown
exception. However, the main method probably does not have enough infor-
mation to recover from the situation. It is better to handle the exception as
soon as possible.
See the Java Tutorial1 for further information about exceptions in Java.
1
http://docs.oracle.com/javase/tutorial/essential/exceptions/
IO
Like Chapter 25, this chapter concerns a very useful part of the Java Standard li-
brary, the IO library. The abbreviation IO is short for Input-Output. This library
I/O)Streams)
contains classes so that Java programs can interact with its environment.
The fundamental abstraction in the IO library is a stream, a communication
channel to the outside world. A stream is a sequence of values that the program
The)stream)abstracIon)represents)a)communicaIon)channel)
processes in order, and may not have a fixed end (unlike a list or array). For ex-
ample,with)the)outside)world.)
an input stream may consist of the sequence of characters being read from
potenIally)unbounded)number)of)inputs)or)outputs)(unlike)a)list))
the keyboard or a file, a sequence of bytes read from a network connection. Out-
data)items)are)read)from)(or)wriPen)to))a)stream)one)at)a)Ime))
put streams allow the program to send information, either to the console, a text
window, a file, or the network. Values are read or written to the stream in order,
The)Java)I/O)library)uses)inheritance)to)provide)a)unied)view)
one-by-one.
of)disparate)data)sources)or)data)sinks.)
Java unifies all of these sources and sinks of data using a common type. The
two abstract classes InputStream and OutputStream describe the interface for basic
operations in the stream hierarchy1
1
Abstract classes are a cross between interfaces and classes. Like interfaces, they include method
declarations and cannot be instantiated. However, they may also include method definitions, con-
The basic operation from the InputStream class is a method to read data from
the stream.
In both cases, these methods are abstractthey just declare the methods that
subclasses must implement. Subclasses that extend these classes will implement
read and write to actually pull data from and push data to the appropriate devices
(files, keyboards, network, etc.) Furthermore, although the types of these meth-
ods look like they read and write integer values, in actuality, input and output is
based on bytes. Bytes are 8-bit integersi.e. numbers in the range 0-255. The read
method will never return the integer 256 or higher. Likewise, the write method
will produce strange results when given numbers that are not within 0-255.
The read method returns -1 when the end of the stream is detected and there
are no more bytes to be read.
Both of these methods could throw an IOException if the stream cannot be read
or written to.
structors and fields, like regular classes. They are useful for describing an interface and providing
basic functionality to all subclasses based on that interface. Abstract classes are most useful in
building big libraries, which is why we arent focusing on them in this course.
class Image {
private int width;
private int height;
private int[][] data; // each value is in the range 0-255
Note that after the constructor is finished with the file, it closes the input stream.
File streams are managed by the operating system. Only open files may be read
from or written to. Furthermore, the operating system should be notified when
the file access is complete by closing the file. This lets the operating system know
that it no longer needs to manage the file.
Furthermore, this constructor explicitly throws exceptions indicating that the
file is not in the correct format. Furthermore, some of the operations that the con-
structor uses to read the file could also throw exceptions. For example, if the file
could not be opened by the FileInputStream constructor, then that constructor
may throw an FileNotFoundException. Likewise, the read methods could throw
IOExceptions for other sorts of errors.
Input streams provide the most basic support for working with input and out-
put, but some times you would like more help. For example, we could make the
code above more efficient by using a BufferedInputStream. This class groups to-
gether multiple reads into one file access, while still providing the data byte by
byte. Because setting up the file access is the slow part, its much faster to read
multiple bytes at once.
Using a BufferedInputStream is simple. This class just wraps another
InputStream to add buffering. For example, we could add buffering to the example
28.2 PrintStream
For example, one class that you have already used (without even knowing about
it) is the PrintStream class.2 This class extends OutputStream with methods for
printing various different types of values to the console, including Strings. Unlike
the OutputStream above, which only writes bytes, this stream can write any Java
value.
The System class (part of Java) contains a static field called out that is an in-
stance of this class.3 So every use of System.out.println is calling a method of the
PrintStream class.
The println method is an example of an overloaded method. This means
that there are actually several different variants of the println method in the
PrintStream class. For example, the javadocs for this class include the following
methods, useful for printing both primitive values and objects.
void println()
// Terminates the current line by writing the
// line separator string.
void println(boolean x)
// Prints a boolean and then terminate the line.
void println(char x)
// Prints a character and then terminate the line.
void println(double x)
// Prints a double and then terminate the line.
2
See http://docs.oracle.com/javase/6/docs/api/java/io/PrintStream.html
for the documentation of the PrintStream class.
3
Note that System.out is a static member of the class Systemthis means that the field out is
associated with the class, not an instance of the class. Recall that static members in Java act like
global variables, as described in ??.
void println(float x)
// Prints a float and then terminate the line.
void println(int x)
// Prints an integer and then terminate the line.
void println(Object x)
// Prints an Object and then terminate the line.
void println(String x)
// Prints a String and then terminate the line.
With overloading, the number and static types of the arguments determine
which version of the method executes. The java IO library uses overloading of
constructors pervasively to make it easy to glue together the right stream process-
ing routines.
Other useful methods in the PrintStream class include a method to print val-
ues without terminating the line (overloaded like println above) and a method to
flush the output.
void print(String x)
// write x without terminating the line
(output may not appear until the stream is flushed)
void flush()
// actually output any characters waiting to be sent
What does the flush method do? The PrintStream class actually buffers output
to the console. What this means is that it gathers together the output of several
calls to print in a special data structure called a buffer. It does not display them
immediately. Only when the buffer is flushed does the output appear in the con-
sole. Flushing happens when the buffer is full, with every newline, and when it is
flushed explicitly with the flush method.
The FileReader class creates a reader that reads characters from an input text
file. For example, given a string fileName, we can construct a reader as follows:
If we would like to add buffering to the file access (as we did for input streams
above) the BufferedReader class serves the same role as the BufferedInputStream
class. For example, creating a file reader with buffering can be done just by wrap-
ping the file reader with a buffered reader:
This code opens a new file reader for a specified input file. It then reads the
file character-by-character until there are no characters remaining in the file. As
each character is read, it updates the string value to include that new character
at the end by concatenating the current string and the new character. (Note that
before the int character can be added to the string it must be casted to the primitive
Java type char. This makes sure that the value is interpreted as a character as it is
appended to the string instead of a number.)
All of these appends make this routine very slow. As each character is read, a
new string must be allocated in the heap and all of the previous values of the old
string, plus the new string must be copied into it.
Instead, the StringWriter class uses a resizable array to read into a string of un-
known size more efficiently. This class doubles the array each time that it needs to
grow, so it does not need to do as many copies as the code above. The StringWriter
is a Writer, so its write method appends its input to the end of the output. The
toString method of the StringWriter class returns the current output as a String
value.
For example, if the above text were stored in an input file, then the console
should print
Histogram result:
The : 1
Write : 1
a : 4
as : 2
calculates : 1
command : 1
console : 1
distinct : 1
distribution : 1
e : 1
each : 1
file : 2
filename : 1
for : 1
freq : 1
frequencies : 1
frequency : 1
given : 1
i : 1
input : 1
line : 2
number : 1
occurrences : 1
of : 4
one : 1
pairs : 1
per : 1
print : 1
program : 2
sequence : 1
should : 1
text : 1
that : 1
the : 4
then : 1
to : 1
word : 2
Note that in this example, punctuation is ignored. The program merely breaks
up the input into words and then counts the number of occurrences of each word
in the program.
When thinking about this exercise, we must ask a number of questions.
how do we input data?
what do we need to do to process it?
what is a word?
The answers to these questions help us break up the whole problem into sub-
problems and define the interface between those components. Furthermore, in
answering these questions, we may need to look at the Java libraries to see if there
is some pre-defined functionality that can help us.
One observation that we can make is that since we need to work through the file
word-by-word, we need some way to return each of the words in the file until there
arent any more. The Iterator interface describes a class that returns a sequence
of values, because we will represent words by strings, we will create a class that
implements the Iterator<String> interface.
WordScanner
We will call this class a WordScanner. We have already defined some of the interface
for this classit should be an iterator.
The other part of the interface to define is the constructor for the class. How
will we create a WordScanner?
The constructor for this class needs a place to read the words from. Since we are
working with words, we will want an input stream that works with text. Therefore,
we will make the constructor take a Reader as an argument. The class itself will
read characters from the reader and assemble them into words.
Before we write the code, we should create a few test cases. These test cases
will need to supply a Reader to the word scanner:
For example, given a blank input, we should not be able to read any words from
it. Because the word scanner will use a reader, we can test it with any subclass of
reader. Even though in the full program we will read from files, for the test cases,
we can use a StringReader to test the WordScanner.
assertTrue(word.equals("one"));
assertFalse(ws.hasNext());
}
After designing a few test cases, including those with multiple words, and with
punctuation or other non-letter characters, we can then move onto the implemen-
tation of the word scanner. The implementation of this class is in Figure 28.2 and
Figure 28.3.
The WordScanner class needs two pieces of private state. It needs to remember
the Reader that it gets the input from (well call this r) and the last character read
(well call this c) from this Reader.
The invariant is that if the character is -1 then there are no more characters in
the input, and therefore no more words to return. Therefore, the hasNext method
can just return whether this character is -1.
Furthermore, the reader will be in a state such that the last character read is
always a letter. If any of the methods reads a nonletter character, the method
will keep reading until it either reaches -1 or a letter. In fact, the private method
skipNonLetters does just this. Note that the static method Character.isLetter
can determine whether a specific character is a letter or not.
Every time the next method is invoked, the wordscanner needs to read all of
the letter characters in the input and return that as a word. Also, to maintain the
invariant about c, it needs to skip all of the nonletter characters following the word.
This method uses a StringWriter to gather the read characters as above.
Histogram
Figure 28.4 uses the WordScanner class to solve the design problem in its main
method. The first step is to make sure that the method was called correctly. The
arguments to the main method are the commandline arguments to the program. In
this case, we want to make sure that the program is called with a single argument,
the name of the file to process. This file name should be stored in the first position
of the args array, i.e. args[0]. If this argument is not present, or if there are addi-
tional arguments, the program terminates with a message describing how to run
the program from the command line.
Next, the method uses a word scanner to read in the words from the file one
by one. As each word is read, the method stores the word in a finite map. The
Collections framework includes TreeMap an implementation of the Map interface.
In this case we would like to map words to their number of occurrences. So the
Map that want to create maps String keys to Integer values.
The Reader for the WordScanner is created inside of a try block. This is because
this process could fail. If the given filename (args[0]) then the constructor for the
// Invariant:
// c is -1 for EOF, otherwise the int representation
// for a *letter* starting the next word.
/**
* Returns true if there is a word available.
*/
public boolean hasNext() {
return (c != -1);
}
/**
* Returns the next word available from the Reader and
* then skips all non-letter characters.
*
* Throws "NoSuchElementException" if there is not
* another character
*
* @see java.util.Iterator#next()
*/
public String next() {
if (c == -1) throw new NoSuchElementException();
// a "buffer" to read the word into
StringWriter buf = new StringWriter();
try {
while (Character.isLetter(c)) {
buf.write(c);
c = r.read();
}
} catch (IOException e) {
throw new NoSuchElementException();
}
skipNonLetters();
return buf.toString();
}
/**
* Unsupported by this iterator.
*/
public void remove() {
throw new UnsupportedOperationException ();
FileReader class will throw an exception. For efficiency, we wrap the file reader
inside a BufferedReader before passing it to the constructor of the WordScanner
class.
The main loop of the program iterates through all of the words in the file. If
the word is already found in the TreeMap, the program increments its value. Oth-
erwise, the program inserts the word into the TreeMap with the value 1, indicating
that the word has been seen once.
After the entire file has been processed, the program closes the input file, using
the close method of the FileReader class. The program then uses the iterator of
the TreeMap class to print out the frequencies of all of the words. The for-each ex-
pression gives access to all the entries in the finite map, represented using the class
Map.Entry. The getKey() method of this class gives the key (i.e. the word) and
likewise getValue() returns the number of occurrences that were calculated. Be-
cause we used a binary search tree to implement the map, the entries are returned
in alphabetical order.
// Basic idea:
// Use a WordScanner to read in the words from the file.
// Then use a TreeMap to calculate the word frequencies
// Then use a PrintWriter to display the key value data
Map<String,Integer> freq =
new TreeMap<String, Integer>();
try {
FileReader freader = new FileReader(args[0]);
Reader reader = new BufferedReader(freader);
WordScanner s = new WordScanner(reader);
while (s.hasNext()) {
String word = s.next();
if (freq.containsKey(word)) {
Integer i = freq.get(word);
freq.put(word, i+1);
} else {
freq.put(word,1);
}
}
// release the resources used by the input streams
reader.close();
} catch (FileNotFoundException e) {
System.out.println("File not found.");
} catch (IOException e) {
System.out.println("IO error from closing reader.");
}
}
}
The third major library that we cover in CIS 120 is Swing, the Java library for de-
veloping GUI applications.
We study this library in CIS 120 for a number of reasons:
It is an example of the event-based (or reactive-) programming model.
One goal of CIS 120 is to expose students to many different forms of program-
ming, from functional (computation produces values), to iterative (where
computation does something, such as modify data structures and print out-
put), to object-oriented (where computation is the interaction between state-
hiding components) to reactive (where computation means installing actions
that happen in response to events).
It is also an example of Object-Oriented programming.
The Swing library makes extensive use of subtyping, inheritance and over-
riding to define its abstractions and produce reusable code. In 18 we de-
signed a GUI library in OCaml without any of these features. So we will
be able to make a good comparison so that we understand and justify these
constructs.
As with the other libraries that we have covered, we can look at how this one
is organized to learn a bit about library design.
It enables fun applications! The Swing library gives us a rich set of classes to
work with.
In this chapter we introduce the basic framework of the Swing library and dis-
cuss how it compares to the OCaml GUI library that we developed earlier in the
course. For more information about Swing and developing GUI applications in
Java, we recommend the Java Swing Tutorial1 .
1
http://docs.oracle.com/javase/tutorial/ui/index.html.
OCaml& Java&
Graphics)Context) Gctx.t) Graphics)
Widget)type) Widget.t) JComponent)
Basic)Widgets) buaon) JBuaon)
label) JLabel)
checkbox) JCheckBox)
Concepts)from)OCaml)GUI)assignment)have)analogues)in)Java)swing)library)
Figure 29.1: Concepts from OCaml GUI library have analogues in Swing
The OCaml GUI library that we developed in ch:gui was intended to serve as
a model of Swing. There were three important parts of that model.
The fundamental building block of the OCaml GUI library was the widget, de-
fined in Widget.ml. This module provided an abstract type of things displayed
on the screen, giving a uniform interfaces to the building blocks of GUIs (buttons,
canvas, labels, checkboxes, etc.). Other widgets provide layout of these basic ele-
ments, by placing them beside or above each other. In this way, the widgets divide
up the window of the application in a hierarchical fashion. The widget interface
included three components: a function from drawing the widget on the screen
(called repaint), a function for calculating the size of the drawn widget (called
size), and a function for handling events that occur in the widgets area of the
window.
For drawing, GUI library included the idea of a graphics context, implemented
in Gctx.ml. This module provided the drawing operations that we used to build
the rest of the library. It also relativized the coordinates for drawing, so that each
widget could draw itself using the same code, no matter where the widget was
located in the final application. Finally the graphics context tracked the state nec-
essary for drawing, such as the current pen color or line thickness.
To handle events, the GUI library stored certain higher-order functions as event
listeners. When an event is triggered, the event listeners would update the state
of the application. The program would then communicate the changed state by
redrawing all of the widgets.
The concepts that you saw in the OCaml GUI library have analogues in the
Java Swing library, as listed in Figure ??. In OCaml, the concepts were usually
represented by a module, type definition or functions. In Java, they are always
classes.
;; Eventloop.run w_draw
In our Java example, we will draw in roughly the same way. The Swing analog
to widget is the class JComponent. All Swing GUI components are subclasses of
this class. To create a component that draws a picture in the window, like the one
above, we need to create a subclass of this class that overrides the methods that
correspond to repaint and size above.2
The two analogous methods in the JComponent class are:
2
Recall that method overriding is when a subclass replaces a method definition with a definition
of its own.
Fractal)Drawing)Demo)
(A Dimension is an object that contains an height and width fields.)
The argument to the JFrame constructor is the name on the title of the window
(usually shown at the top of the window by most operating systems.) The window
shown in Figure 29.2 has the word Tree at the top. This line is where that is
specified. The next line of the program instructs the frame that it should display a
new instance of the Drawing class. Frames are containers, in that they hold a single
JComponent, and this line determines the component that will be displayed in the
frame. The next line instructs the frame what to do when the user clicks the close
button on the window (on Mac OS, the red circle in the titlebar). The program
doesnt end automatically when this happens unless we include this line in the
code. After that, the frame must calculate how big it should be. The pack method
performs this calculation automatically, using the getPreferredSize method of the
component, and making sure that the frame is exactly big enough to contain the
drawing panel.
Finally, although we have created the frame, it doesnt display until we tell it to
show itself. This setVisible actually makes the frame appear on the screen. This
frame can be interacted with using the standard windowing commands (move, re-
size, minimize, maximize, close) provided by the operating system. But it doesnt
really do anything else.
We start a Swing application using the following main method. The static
method SwingUtilities.invokeLater makes sure that the GUI starts correctly. Its
argument must be something that implements the Runnable interface (which only
requires the class to have a run method).
JavaPaint)Demo)
to standard user input, such as mouse events and key presses. Our eventual goal
will be to re-create something like the Paint program using Swing instead of our
hand-rolled OCaml GUI.
However, before we do that, we will start with something much more mod-
est. We will go back to the lightswitch demo that we used for OCaml (back in
Figure 18.9) and rewrite it using the Swing libraries. Our first goal is the simple
design problem:
To implement the lightswitch, we will first assemble the components and then
add the interactivity. In this case, our application is composed of two different
components, a button (labeled On/Off) and a section of the window that changes
color from yellow to black. For the latter, we will create a component similar
to the Drawing above. The difference is that this time the object will include a
boolean field, called isOn, that will determine whether to repaint itself yellow or
black. If the value of isOn is true, then the object will repaint itself with a yellow
rectangle. Otherwise, it will use black. (Note that this time we omit the call to
super.paintComponent because our painting completely fills the component. We
dont need the background.)
The method flip changes the state of the lightbulb. If it is on, then it turns off
and vice versa. However, there is one more important part to flip. The last line of
the method, the call repaint, tells the swing event loop that this component should
be redisplayed. Unlike the OCaml GUI library, which repaints every widget at
every time step, the Swing library only repaints the components that indicated
that they need to be repainted.
We can get this started as we did for the fractal tree drawing above. Again we
create a frame and specify its title. However, this time we would like to add two
components to the frame, a button and an instance of the Lightbulb class above. A
frame can only contain one component, if we tried to add two of them, then only
the most recently added component would be displayed.
Therefore, we need a Container component that can hold multiple components.
The class JPanel is such a component. We create after creating an instance of this
class, we can add both a button (created from the class JButton) and a lightbulb
to the panel. (By default, these two components will appear side-by-side, as in a
hpair.)
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.pack();
frame.setVisible(true);
}
}
However, although the code above will display the button and the lightbulb, it
doesnt do anything. Pushing the button has no effect. That is because we havent
added an event handler to the button to react to button presses.
interface ActionListener {
public void actionPerformed(ActionEvent e);
}
The final step is to wire up the button. In other words, we need to create an
instance of the BulbSwitch class and tell the button to store this object as an action
listener. We do this by adding the following line to the main method, after the
button and bulb components have been created. The addActionlListener method
of the JButton class adds its argument to the list of action listeners to the button.
Whenever the button is pressed, the actionPerformed methods of all of the action
listeners will be called.
29.4 Timer
Suppose we would like to implement a blinking light bulb, one that turns itself on
and off without waiting for user input. To control this light bulb, we use a Timer
object, as in the code below.
The Timer constructor takes two arguments, an time interval (in milliseconds),
and an ActionListener to run whenever the timer goes off. The method start
gets the timer started.
Note that both the Timer and the JButton can use the same ActionListener.
We didnt have to change anything in the BulbSwitch class. This is a nice property
of the Swing library design, it separates the description of what should happen
(toggling a lightbulb) from the description of why it should happen (because the
user pressed a button, or because a timer went off.)
In fact, even though in the example above, the button and timer control differ-
ent bulbs, there is no reason that they cant control the same bulb-which bulb
changes is specified by the argument of the BulbSwitch constructor. Likewise, a
button or timer could control multiple bulbs, merely by adding additional action
listeners.
30.1 Layout
A GUI application typically is composed of several components: buttons, can-
vases, checkboxes, textboxes etc. One challenge for the programmer is specifying
how these components should be arranged on the screen in relation to each other.
In the OCaml GUI library, we used vpair and hpair to simply put widgets
side-by-side, or on top of each other. By nesting these operations, we can lay out
widgets in many different configurations. However, this work is tedious.
In Swing, we can use layout managers to more succinctly develop standard
component arrangements. In this chapter, we demonstrate how to use a few of the
layout managers. However, we dont intend to be comprehensive. For more in-
formation about various forms of layout see the Java Swing Tutorial Lesson: Lay-
ing Out Components Within a Container available at: http://docs.oracle.
com/javase/tutorial/uiswing/layout/index.html.
In this section, we will demonstrate the effect of three different layout man-
agers, used to assemble a graphical application. Our application in these examples
just consists of five different buttons. These buttons wont do anything, we will
just arrange them in different configurations.
The listing below includes the entire code of the application. The run method
below creates a frame and five buttons. It also creates a container component,
a JPanel to store the five buttons. The frame contains the panel, and the panel
contains the buttons.
panel.add(b1);
panel.add(b2);
panel.add(b3);
panel.add(b4);
panel.add(b5);
frame.pack();
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.setVisible(true);
}
The default layout for a JPanel is called FlowLayout. This layout means that all
components added to the panel will be positioned in order left-to-right. If there is
not enough width to fit all of the components, then the layout starts a new line of
components. Within each line, all of the included components are centered on the
line.
However, as the window (and panel) changes width, the buttons rearrange them-
selves. The flow so that they still fit into the narrower window, as in the right
side of the figure.
The next layout we will demonstrate is the GridLayout. This layout puts the
buttons into a grid configuration. Changing the application to use this layout
merely requires adding the line
panel.setLayout(new GridLayout(3,2));
to run method right before all of the buttons are added to the panel. This com-
mand instructs the panel to divide itself into a grid containing three rows and two
columns. The resulting window of buttons is shown in Figure 30.2.
panel.setLayout(new BorderLayout());
panel.add(b1,BorderLayout.LINE_START);
panel.add(b2,BorderLayout.CENTER);
panel.add(b3,BorderLayout.LINE_END);
panel.add(b4,BorderLayout.PAGE_START);
panel.add(b5,BorderLayout.PAGE_END);
As the window is resized, the button in the center position is resized to accom-
modate the new space. The components on the top and bottom retain their heights,
but adjust their widths. The components on the left and right retain their widths,
but adjust their heights.
Initial design
The first question is, what components should we use to build the interface?
The drawing area to the left should be a component where we override the
paintComponent method so that it displays the shapes. Well design the class
DrawingExampleCanvas to do that. For the buttons on the right, we can use the
standard JButton class. As above, we will store references to these components in
the fields of a class that uses a run method to set up the interface.
// Canvas
public DrawingExampleCanvas drawingCanvas;
frame.setLayout(new BorderLayout());
frame.add(drawingPanel, BorderLayout.CENTER);
frame.add(eastPanel, BorderLayout.LINE_END);
Next, we should consider the interactions between the components. What sort
of state should be shared between them? How will the DrawingExampleCanvas
know what shapes to display? How will the buttons toggle that state?
For our first cut, we will add some boolean fields to the DrawingExample class
to remember which buttons have been pushed. The idea is that canvas will look
at these fields to determine which shapes to draw, and the buttons will set the
appropriate one to true when pressed.
Note that we make these boolean fields public because they must be read and
modified by other classes. The class for the DrawingExampleCanvas must read them
to find out which shapes to display. To do this, it must also keep a reference (called
owner) to the object that contains these boolean fields. (See the line above which
creates the canvasthe constructor is invoked with the this reference.)
if (owner.drawLine) {
// code for drawing lines
}
if (owner.drawSquare) {
// code for drawing squares
}
if (owner.drawTriangle) {
// code for drawing triangles
}
if (owner.drawOval) {
// code for drawing ovals
}
if (owner.drawText) {
// code for drawing text
}
}
Finally, we need to add the action listeners to the buttons so that they modify
the correct boolean value. We use the same listener for each button, and pass a
reference to the button that the listener is associated with. When the button is
pressed, we compare this reference to each of the buttons in the application to
determine which shape to draw.
Again, because the execution of the actionPerformed method accesses the fields
of the top-level object, the constructors for the DrawingExampleListener class must
take in a reference to it.
In the run method, after the buttons are created, we add their action listeners
with the following code.
if (test1) {
// do something
}
if (test2) {
// do something
}
are not extensible. Instead, it is much better to refactor the application to avoid
these if statements. In this section, we will demonstrate how to use dynamic dispatch
to eliminate this sequence in paintComponent. In the next section, we will refactor
the code again to remove the if statements in actionPerformed.
The code in the paintComponent class must display all of the shapes that have
been selected by the buttons. This code dispatches on the boolean values to do
the shape drawing, instead we would like to refactor the code so that instead of
using a fixed set of boolean fields to remember which shapes to draw, we will use
a mutable collection of shapes. In other words, we will replace the boolean fields
with the single field:
That way we can refactor the paintComponent method to look like this:
Here, the toplevel applications uses the field shapes to store a collection of ob-
ject that all implement the Shape interface. Because owner.shapes is a collection,
we can use the for-each notation to iterate through each shape in the collection.
Each shape knows how to draw itself, so that is what the paintComponent method
does for each shape in the collection.
What is a shape? It is an object that knows how to draw itself. Therefore, we
can create an interface that declares exactly this:
interface Shape {
public void draw(Graphics gc);
}
} else if (button.equals(owner.b2)) {
owner.shapes.add(new Square());
} else if (button.equals(owner.b3)) {
owner.shapes.add(new Triangle());
} else if (button.equals(owner.b4)) {
owner.shapes.add(new Oval());
} else if (button.equals(owner.b5)) {
owner.shapes.add(new Text());
However, this code is still a series of if expressions! Like the original version
of the paintComponent it is not automatically extensible. If we want to add more
shapes, we have to modify this code.
However, our previous modification suggests a simple fix. Instead of remem-
bering the button that was pressed to figure out which shape to add, ActionLis-
tener should just skip a step and remember the actual shape to add. In other words,
well change the class definition to include a shape reference, which should be ini-
tialized by the constructor.
As an added bonus, we can avoid adding the same shape twice. We can test
whether the collection already contains the shape before adding it.
Now, when we add the action listeners to the buttons, we need to merely create
the appropriate shape for each button. Whenever the button is pressed, that shape
will be added to the collection.
that should be drawn when the button is pressed. Therefore we add the following
method to the DrawingExample class.
Now we can go back to the run method and replace the repeated code with calls
to this method. Now the button creation code read succinctly:
This code is better because it is easier to read. Each button declares exactly what
is important about it, compared to the other buttons. We know that all the buttons
roughly do the same thing, because they are all created by the makeButton method.
But we know that they differ in their name, and in the shape that they create.
For example, a cut down version of the drawing example stores the list of
shapes in instances of the class DrawingExample, and displays them in instances
of the class DrawingCanvas.
Inner classes must be creating using instances of the outer classes. Even though
the class name is Outer.Inner, we cannot create an instance of this class with
Usually, instances of the inner class will be created in the nonstatic methods of
the outer class. This situation looks like normal object creation:
public Outer () {
Inner b = new Inner ();
}
but it is not quite the same. Just like a field access x is different than a local
variable and really short for this.x, the above code is short for using the current
outer object to create a new inner one.
public Outer () {
Inner b = this.new Inner ();
}
Outside the outer class, we need to specify what object to use to create instances
of the inner class. For example, in some other file, we could first create an object a,
and then use it to create an inner object b.
Note that the class DrawingExampleListener goes away. With the definition
above we can remove this class definition. Instead, we have an anonymous class
new InterfaceOrClassName() {
public void method1(int x) {
// code for method1
}
public void method2(char y) {
// code for method2
}
}
Note that there is a limitation here: the anonymous class cannot define a con-
structor. Such classes rarely need them however, the scoping rules mean that the
objects fields can be initialized using values in the current context. The static type
of this expression is the interface or class that was used to create the object. This
static type is a supertype of the objects dynamic class, however the objects dy-
namic class is anonymous, we didnt give it a name. Therefore, Java will not allow
us to refer to it.
Why do we say that anonymous Javas inner classes are similar to OCamls
higher-order functions? Both of these features create anonymous structures.
In Java we dont define the actual name of the class that constructs the object
above, and in OCaml, we dont define a name for the function when we say
fun (x:int) -> x + 1.
Furthermore, both of these language features create delayed computation
that can be stored in a data structure and run later. For example, in Java these
are commonly used in GUI programming for event listeners, while in OCaml, we
used first-class functions for the same purpose. The computation is delayed be-
cause it only runs when the button is pressed, and could run once, many times, or
not at all.
Finally, the scoping of these constructs is similar. Both sorts of computation can
refer to variables in the current scope. In OCaml, all variables are immutable,
so OCaml first class functions could refer to any available variable. In Java,
these methods can refer to only instance variables (fields, which are referenced
through the immutable variable this) and variables marked final (which are also
immutable).
In this chapter we will use a larger example to demonstrate user interaction with
Swing. In particular, we will go back to the paint program that we developed
with the OCaml GUI library and reimplement it with Javas swing library. This
application requires installing mouse listeners to interact with the drawing on the
screen. It will also give us a chance to make some comparisons between the OCaml
and Java languages, with respect to Object-Oriented programming.
frame.setLayout(new BorderLayout());
frame.add(canvas, BorderLayout.CENTER);
frame.add(createModeToolbar(), BorderLayout.PAGE_END);
frame.pack();
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.setVisible(true);
}
The code for the canvas, is almost identical to that of the previous chapter. As
before, it is an inner class so that it can access the private fields of the top-level
application. It also inherits from the JPanel class so that it can set the background
color to be white in the constructor.
public Canvas(){
super();
setBackground(Color.WHITE);
}
The mode toolbar is created by an auxiliary method in the Paint class. This
method constructs a panel to store the controls. So far, the controls include two
radio buttons (one for drawing shapes, one for drawing lines). Radio buttons are
UI elements, where only one can be selected at a time. We could extend the appli-
cation to include more shapes by adding more radio buttons to this toolbar.
The makeShapeButton method actually creates the radio buttons. The radio but-
tons must be added to both the toolbar panel and the ButtonGroup group. This
button group controls which radio buttons are associated with one another. As
one button is selected within the group, the others are deselected.
This method also adds an action listener to each button. This code runs when-
ever the button is selected. We use an anonymous inner class to define the action
listener class inline. Currently the action listener does nothing.
Furthermore, well modify the action listener for the radio buttons so that when
they are selected, they will change the mode. We can do this by adding an addi-
tional parameter to the makeShapeButton method. This parameter must be marked
as final so that it may be referred to in the actionPerformed method of the anony-
mous inner class.
When the radio buttons are created, we also need to specify their initial mode.
and the user clicks the mouse, we want to remember where the user clicked and
change the mode to LineEndMode. When we are in LineEndMode, we want to draw
a line from the saved point to the point where the user clicked and revert back to
LineStartMode.
We can implement this behavior with a mouse listener object that has methods
for reacting to mouse behavior. The MouseListener interface describes the methods
that such an event listener must include.
This interface includes several methods that run in response to mouse events
such as mouse clicks, mouse button presses and mouse button releases. Because
we only want to add a listener for mouse clicks, we can implement this interface by
extending the MouseAdapter class. This class has stub methods for the required
methods in the MouseListener interface. In our implementation, we will override
only the mouseClicked method.
@Override
public void mouseClicked(MouseEvent arg0) {
Point p = arg0.getPoint();
switch (mode) {
case PointMode:
shapes.add(new PointShape(color,p));
break;
case LineStartMode:
mode = Mode.LineEndMode;
modePoint = p;
break;
case LineEndMode:
shapes.add(new LineShape(color,p,modePoint));
mode = Mode.LineStartMode;
break;
}
canvas.repaint();
}
}
After the canvas is created (in the run method) we can add the mouse listener
so that it can react to mouse events.
During the paintComponent method of the Canvas class, we also need to draw
this shape, if it is non-null.
Furthermore, we need to change how the canvas listens to mouse events, using
the mouse class. Before, all the action was in the mouseClicked method. This time,
we need to spread the action between several methods. We dont need to change
the behavior for points too much, but for lines, we need to refine the behavior by
overriding the mousePressed, mouseReleased and mouseDragged methods.
If the mode is LineStartMode, then when the mouse is pressed we need to save
the location of the current click (in the field modePoint). We then switch modes to
await dragging and the eventual end of the line (signaled by releasing the mouse
button). Finally, we store the current location of the line
canvas.repaint();
}
When the mouse is dragged, and we are in LineEndMode, we need to update the
preview shape to reflect the current mouse position. As the mouse moves across
the screen, the preview line will be continuously redrawn.
Only when the mouse is finally released do we add a new shape to the canvas.
In this case we set the preview shape to null and switch back to LineStartMode to
await a new shape.
Note that after the radio buttons are created, we have inserted new code to add
keyboard control. This code code first sets the panel to be focusable, i.e. able
to receive the keyboard focus. It then adds a key listener to the panel using an
anonymous inner class. This anonymous class extends the KeyAdapter class and
overrides the keyPressed method. When the panel has the focus and when a key
is pressed on the keyboard, this method will be called.
The action of this method is to change the mode. We do that by forcing a click
on the point and line radio buttons. We are faking button presses with these calls.
Note that for the radio buttons to be accessible in the inner class, they must be
declared to be final when they are initialized.
The last step is to actually request the keyboard focus, using the line modeToolbar.requestFocu
No other component in the application will request the focus, so it will stay with
the modeToolbar.
For more information about how to use key board control, see the Java tutorial:
http://docs.oracle.com/javase/tutorial/uiswing/events/keylistener.
html.
The difference between these two versions is extensibility. The Java code can
easily add more shapes by adding more classes. In the OCaml code, we add more
shapes by adding more variants, and by modifying the repaint code in the canvas
for drawing.
This example demonstrates the differences between using datatypes and ob-
jects. With datatypes, the focus is how the data is stored. It is easy to add more
operations that work with the data, but harder to add more variants, or different
types of data. Conversely, with objects, the focus is on how the data is used. It is
east to add more variants (i.e. another class), but harder to add more operations to
the interface, because all existing classes need to be modified.
Datatypes are better for situations where the structure of the data is fixed, such
as in binary search trees. However, objects are better when the interface to the data
is fixed, such as drawing shapes.
Returning to our paint example, weve used objects for storing the shapes, but
we are still using variants for the drawing modes. Thats not very extensible, as
we add new shapes well have to add new drawing modes, and modify the mouse
listener to react to those new modes. Can we do better?
What this implies is that the mode is itself a mouse listener. Therefore, we will
change the definition of the mode type to reflect that:
The line drawing modes work together, defined by the following pair of classes.
The starting mode just switches the current mode to the ending mode, saving the
current point by passing it as a constructor to the newly created mode.
The ending mode updates the preview field as the mouse is dragged (creating
the line using the saved point in the mode as well as the current location of the
mouse.) When the mouse is released, it switches the mode back to the starting
mode, adds the new shape to the list of shapes to draw, and resets the preview
field.
Compared to the previous version, the switching based on the mode is im-
plicit. The mouse listener uses dynamic dispatch to figure out the correct reaction
to mouse events.
As we add new shapes to this application, we can add new modes just by
adding new classes. We dont need to modify any existing classes. Indeed, these
classes are defined as inner classes of the Paint application for convenient access
to the mode, shapes and preview fields. However, we could move these class def-
initions outside of the class as long as each mode had a way of accessing these
components.
This chapter works through a design exercise that emphasizes the use of encap-
sulation as a means to enforce program invariants. Along the way, it provides an
example of array programming in Java.
**
* An "infinitely large array" of integers; the backing buffer
* automatically resizes itself as new values are added.
*/
public class ResArray {
public ResArray()
@Test
public void testExtent3() {
ResArray a = new ResArray();
a.set(47,2);
a.set(47,0);
assertEquals(a.getExtent(),0);
}
ResArray Implementation
Developing the test cases has revealed some of the issues we must address with
the ResArray implementation. First, the size of the underlying arraythe backing
buffermight be larger than the index returned by getExtent. The reason is shown
by testExtent3, which first sets the value at index 47 to 2 and then resets it to 0.
Presumably, we must grow the backing buffer to hold at least 48 elements in order
to write at index 47, but it would be unecessary to re-size the backing buffer after
resetting the value to 0.
This analysis suggests that the ResArray class contains two pieces of local state:
the backing buffer itself, which is an array of integers, and an integer value that
well call extent, which keeps track of (one past) the index of the last non-zero
element of the ResArray.
How are the extent and the buffer related? The buffer must always be at least
big enough to hold elements indexed up to (but not including) the extent. If the
extent is smaller than the length of the buffer, then all of the elements whose indices
are greater than (or equal to) the extent must be 0. If extent - 1 is positive, then
buffer[extent - 1] must be non-zero.
Putting all of these considerations together, we arrive at the following ResArray
invariant, which are defined in terms of two private fields extent and buffer:
Guided by these invariants, we can easily implement the first few parts of the
ResArray class. There are two private fields, and the constructor simply creates an
empty ResArray.
public ResArray() {
extent = 0;
buffer = new int[0];
}
The get operation is slightly more interestingit uses the fact that if i < extent
then buffer[i] is well defined (unless i is negative, in which case it is appropriate
to throw an array bounds exception). If the index is greater than or equal to extent,
then the invariants tell us that we should always return 0.
The set operation is more interesting still. Here there are several cases to con-
sider. First, if the value being set is 0 and the index i is above the extent, then
nothing needs to be doneall of the array invariants are preserved and there is no
reason to change the backing buffer.
Second, if i is too big to fit into the existing buffer space, we must grow the
bufferfor now, we defer defining this operation, but observe that it should mod-
ify the buffer field so that its size is at least equal to i+1.
After possibly growing the array, it is safe to update the ith index to contain
the value v. Doing so might break the ResArray invariants, though, so we must
add code to re-establish them. In particular, if v is non-zero then we have to adjust
extent in the case that i is larger than the old extent. On the other hand, if v is 0
and the index were updating happens to be the last non-zero element of the array,
then we have to search backwards through the array to find the remaining largest
non-zero element. This is done in the method shrinkExtent.
Both grow and shrinkExtent should be private methodsthey are used only
internally to the ResArray class and so should not be exposed to outside code.
Putting all of this together, we arrive at:
if (i >= extent) {
extent = i+1;
}
if (v == 0 && extent == i+1) {
shrinkExtent(i);
}
}
The grow method must, at a minimum, create a new backing array large enough
to store i+1 elements, and then copy the old contents into the new array. A straight-
forward implementation would be the following:
The above implementation is perfectly functional and will meet the require-
ments of the ResArray invariant, but if you use it in practice, it might give
poor performance in the case that you set a sequence of consecutive indices:
a.set(0,v0); a.set(1,v1); a.set(2,v2); .... The problem is that each subse-
quent call will make a copy of all the preceding elements. This means that the total
amount of work done to set an n element sequence is proportional to n2 .
A better strategy (which, incidentally, is used in many other contexts, including
networking protocols like TCP) is to double the previous size of the array. Doing
so means that, when setting a consecutive sequence as in the case above, the grow
method will not make so many copies of the preceding elements. Intuitively, dou-
bling the array over provisions the space needed to store the elements, but, is at
most twice as much space as would otherwise be needed. Note that to maintain
the ResArray invariants, we must still ensure that at least index i is included in the
new buffer. We are thus led to the following implementation of grow:
Encapsulation
Encapsulation is the process of controlling access to the state of an object. In par-
ticular, in an encapsulated object, all changes to an objects state should be done
directly by the methods of the object.
The purpose of encapsulation is to preserve the invariants of an object. Recall
that an invariant of a data structure is a property that should always hold, for any
instance of that data structure, throughout its lifespan.
For example, resizable arrays have the following invariant, which states a rela-
tionship between the two private fields extent and buffer:
There is one slight subtlety: it would be erroneous to return the backing buffer
itself. First, the extent might not agree with the size of the backing buffer. Even if
the backing buffer is the same size as the extent, returning an alias to the encap-
sulated buffer would allow client programs to break the invariants by manipulat-
ing the backing buffer directly. That is, the following appealing optimization is
wrong:
In Chapter 10, we discussed the power of type abstraction. By hiding the im-
plementation of a data structure we can better preserve the invariants about its
implementatin. For example, there are many ways to represent the mathematical
idea of a set of elementsdifferent implementations leads to different properties
that must be preserved by the set operations. For example, if we represent sets by
lists, we may have to maintain the invariant that there are no duplicate elements.
Alternatively, if we represent sets by binary-search trees, then we must maintain
the binary search tree invariants to know that our set implementation is correct.
Type abstraction allows us to reason about invariants compositionally. Because
the actual representation type is abstract, no client of the set module can modify
its representation. Therefore, set operations, such as member and equal can assume
that their arguments satisfy the appropriate invariants, without worrying that the
clients are supplying bad sets.
Java too supports this idea of hiding the implementation of a data structure so
that its invariants may be maintained. In Java, this representation hiding is done
via the access modifiers on the class members. Typically, the fields are declared
private and access to them is provided through the public methods of the class.
If there is no way to violate the invariants of an object, then we say that the
methods encapsulate the object state.
33.1 Queues in ML
One example of a data structure that benefitted from type abstraction in OCaml
was the queue data structure. Externally, we defined queues to be an abstract
type, satisfying the following OCaml interface.
Because the users of queues had no idea about the linked list of qnodes, there
was no way for them to violate the invariants of the queue data structure. Recall:
Definition 33.1 (Queue Invariant). A data structure of type 'a queue satisfies the
queue invariants if (and only if), either
We start with the interface, because this definition specifies only what a queue
should do, not how to implement it. Java interfaces provide the flexibility that
OCaml interfaces do. There can be several different class that satisfy this interface,
and they may not necessarily implement queues with linked lists of queue nodes.
However, unlike in OCaml, we cannot use the interface for encapsulation. Instead,
in our implementation, we must carefully use our access modifiers so that we can
restrict access to the internal state of this implementation.
Let us compare the Java interface a bit more to the OCaml interface before
we continue to the implementation. The analogue to the OCaml abstract type
'a queue is the interface name itself Queue<E>. Like OCaml, this type is parameter-
ized by the elements of the queue. The Java type parameter <E> is the analogue of
the OCaml 'a.
In the Java interface definition, the type parameter E can appear throughout the
interface. When this interface type is instantiated, such as Queue<String>, then the
methods use String instead of E in their types. For example, if the variable o had
type Queue<String>, then the method invocation o.enq(x) would only type check
if x had type String.
Java Generics (i.e. the type parameters) work similarly to OCaml generics in
this example. However, there is one big difference between the OCaml interface
and the Java interface. The OCaml interface includes a way to construct queues,
the create function. There is no analogue to this declaration in the Java interface.
The reason is that the only type of value that could satisfy this interface in Java
is an object. And objects are always created by the constructors of their classes.
Interfaces do not include the constructors, and there is no easy way to abstractly
construct objects.1 .
Note that the type of the next field is a QNode<E>, whereas in OCaml it was
a 'a qnode option. The QNode<E> type includes a null reference, so we do not
need to make the field an explicit option. That is more convenient because we
can directly access the next queue node without pattern matching. However, it is
more error prone because we have to remember to make sure to check that the next
queue node is not null.
The constructor for this class merely initializes the two fields.
The top-level class is responsible for encapsulating the state of the queue. Like
the OCaml version, its state includes two mutable references to the head an the tail
of the queue. This class is also the one that implements the queue interfacethe
methods of this class implement the queue operations.
1
Advanced Java programmers use factory methods to control object creation. For more informa-
tion see the classic book on Java Design Patterns [5]
/** Constructor */
public QueueImpl () {
head = null;
tail = null;
}
To encapsulate the queue state note that the head and tail fields of this class
are declared private. No classes outside of this one are allowed to access these
components. Furthermore, none of the methods of this class mention the QNode
class. Other parts of the program that use this class may as well not know about
the existence of the QNode class.
The methods of the QueueImpl class follow the OCaml implementation. An
empty queue is one where the head and tail refernces do not point to queue nodes.
We can determine whether a queue is empty by determining if the head is null.
Adding a new value to the queue means making a new queue node. Then, if
the queue is empty, then we make the head and tail references point to the new
node. Otherwise, we modify the node at the tail of the queue to point to the new
node, and also update the tail reference.
tail = newnode;
} else {
tail.next = newnode;
tail = newnode;
}
}
Likewise, dequeueing from the queue modifies the linked list of queue nodes.
Note that if the queue is empty, this method will throw a NullPointerException
with the access head.next. There are better ways to deal with this situation in Java,
but we have not covered them yet.
How could this class violate encapsulation? What could it do that would be
wrong? One bad idea would be to make the head and tail public members of the
QueueImpl class. Then, any method, not just enq and deq could modify the links in
the list. It would be equally bad to for the QueueImpl class to return a reference to
any queue node from any public method.
[1] David Bayles and Ted Orland. Art & Fear: Observations on the Perils (and Re-
wards) of Artmaking. Image Continuum Press, 1993.
[3] Matthias Felleisen, Robert Bruce Findler, Matthew Flatt, and Shriram Krishna-
murthi. How to Design Programs: An Introduction to Programming and Computing.
MIT Press, 2003. Available online at http://www.htdp.org.
[4] David Flanagan. Java in a Nutshell (5th Edition). OReilly Media, 2005.
[5] Erich Gamma, Richard Helm, Ralph Johnson, and John Vlissides. Design Pat-
terns: Elements of Reusable Object-Oriented Software. Addison-Wesley Profes-
sional, 1 edition, November 1994.